Dark-Alex-17/kapow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Log injection prevention task

Browse Source
This commit is contained in:
César Gallego Rodríguez
2023-03-19 18:59:31 +01:00
parent 74f3c6f012
commit 7d3ebf4103
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/server/data/resource.go
+13 -2
View File
@@ -22,6 +22,7 @@ import (
"net/http" "net/http"
"net/textproto" "net/textproto"
"strconv" "strconv"
"strings"
"github.com/BBVA/kapow/internal/logger" "github.com/BBVA/kapow/internal/logger"
"github.com/BBVA/kapow/internal/server/httperror" "github.com/BBVA/kapow/internal/server/httperror"
@@ -248,8 +249,18 @@ func setServerLog(w http.ResponseWriter, r *http.Request, h *model.Handler) {
} }
handlerId := mux.Vars(r)["handlerID"] handlerId := mux.Vars(r)["handlerID"]
if prefix := mux.Vars(r)["prefix"]; prefix == "" { if prefix := mux.Vars(r)["prefix"]; prefix == "" {
logger.L.Printf("%s %s\n", handlerId, msg) logger.L.Printf("%s %s\n", escapeString(handlerId), msg)
} else { } else {
logger.L.Printf("%s %s: %s\n", handlerId, prefix, msg) logger.L.Printf("%s %s: %s\n", escapeString(handlerId), escapeString(prefix), msg)
} }
} }
// function to scape strings in order to be printed in a Log
func escapeString(s string) string {
s = strings.Replace(s, "\n", "", -1)
s = strings.Replace(s, "\r", "", -1)
s = strings.Replace(s, "\t", "", -1)
s = strings.Replace(s, "\b", "", -1)
return s
}