Fix CodeQL log injection warning

by removing newlines from logged user input.
Maximilian Paß
2022-06-01 18:21:41 +02:00
committed by Sebastian Serth
parent 97a2311a74
commit 1e59c1146e
4 changed files with 20 additions and 5 deletions


@@ -27,7 +27,8 @@ func HTTPAuthenticationMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get(TokenHeader)
if subtle.ConstantTimeCompare([]byte(token), correctAuthenticationToken) == 0 {
log.WithField("token", token).Warn("Incorrect token")
log.WithField("token", logging.RemoveNewlineSymbol(token)).
Warn("Incorrect token")
w.WriteHeader(http.StatusUnauthorized)
return
}
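Review bot: The rejected header value is still written to the log in full on the new `log.WithField("token", logging.RemoveNewlineSymbol(token))` line, so a mistyped or stale credential that is close to the real token, or valid for another deployment, ends up readable by anyone with log access. Stripping newlines addresses the CodeQL finding but not that exposure, and the value's length is not bounded before it is logged. I would log a non-sensitive property instead, for example `log.WithField("tokenLength", len(token)).Warn("Incorrect token")`, or only whether the header was present. The body of `RemoveNewlineSymbol` is not visible in this hunk; if it removes only line breaks, other control characters would still pass through, which matters if a plain-text formatter is in use. The handler closure continues past the end of this hunk.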