Skip to content

Add mitigation for log injection #2237

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Add mitigation for log injection #2237

wants to merge 4 commits into from

Conversation

junorouse
Copy link

@junorouse junorouse commented Feb 19, 2020
edited
Loading

Hello, I add a mitigation for log injection. It prevents that malicious user to do a log injection.

Before

$ curl --request "POST" "http://127.0.0.1:3000/%0a[GIN]%20..%20blahblah"

-->

[GIN] 2020/02/19 - 15:35:08 | 401 |     712.772µs |       127.0.0.1 | POST     /
[GIN] .. blahblah

After

$ curl --request "POST" "http://127.0.0.1:3000/%0a[GIN]%20..%20blahblah"

-->

[GIN] 2020/02/19 - 15:36:56 | 401 |     814.381µs |       127.0.0.1 | POST     "/\n[GIN] .. blahblah"

Thanks.

References

https://www.geeksforgeeks.org/log-injection/
https://golang.org/pkg/fmt/

@junorouse junorouse requested a review from appleboy February 19, 2020 06:52
@appleboy appleboy added this to the 1.6 milestone Feb 21, 2020
@appleboy appleboy requested a review from thinkerou February 21, 2020 06:55
thinkerou
thinkerou approved these changes Feb 21, 2020
View reviewed changes
Copy link
Member

@thinkerou thinkerou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thinkerou
Copy link
Member

why pending? @appleboy do you know?

@appleboy
Copy link
Member

@thinkerou I don't know. Maybe we should push a new commit to trigger Travis again.

thinkerou added a commit that referenced this pull request Feb 26, 2020
@thinkerou
copy #2237
5b4ee29
@thinkerou thinkerou mentioned this pull request Feb 26, 2020
Closed
@thinkerou
Copy link
Member

@appleboy ok please review #2265 , thanks @junorouse again.

@thinkerou thinkerou closed this Feb 26, 2020
@julieqiu julieqiu mentioned this pull request Dec 6, 2021
Open
@t0rchwo0d t0rchwo0d mentioned this pull request Feb 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@appleboy appleboy appleboy approved these changes

@thinkerou thinkerou thinkerou approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
1.6
Development

Successfully merging this pull request may close these issues.
3 participants
@junorouse @thinkerou @appleboy