Skip to content

Go: Add Tainted Path sanitizers#17759

Merged
owen-mc merged 10 commits intogithub:mainfrom
Kwstubbs:path-sanitizers
Feb 14, 2025
Merged

Go: Add Tainted Path sanitizers#17759
owen-mc merged 10 commits intogithub:mainfrom
Kwstubbs:path-sanitizers

Conversation

@Kwstubbs
Copy link
Contributor

@Kwstubbs Kwstubbs commented Oct 15, 2024
edited
Loading

Add gorilla mux.Vars sanitizer

@Kwstubbs Kwstubbs requested a review from a team as a code owner October 15, 2024 02:52
owen-mc
owen-mc reviewed Oct 15, 2024
View reviewed changes
Copy link
Contributor

@owen-mc owen-mc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a test for net/url.URL.Path, and mention it in the change note. Also, why do you think that reading that field is a sanitizer? I don't see anything in the docs about what characters it may or may not contain.

@Kwstubbs
Copy link
Contributor Author

Kwstubbs commented Oct 15, 2024
edited
Loading

@owen-mc It seems the default mux also sanitizes the path using this function. It seems there are also some changes implemented in version 1.22 from the comments here that I have yet to test (I'm on 1.21). I'll go ahead and remove the net/url.URL.Path sanitizer for now and possibly come back to it.

@Kwstubbs Kwstubbs requested a review from owen-mc October 15, 2024 21:34
owen-mc
owen-mc reviewed Nov 7, 2024
View reviewed changes
Copy link
Contributor

@owen-mc owen-mc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good - just need to add two tests for SkipClean (called with true and false).

@Kwstubbs Kwstubbs requested a review from owen-mc November 13, 2024 00:21
owen-mc
owen-mc previously approved these changes Nov 13, 2024
View reviewed changes
Copy link
Contributor

@owen-mc owen-mc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Only very minor comments left.

@owen-mc
Copy link
Contributor

owen-mc commented Nov 13, 2024
edited
Loading

I think if you're just committing my suggestions it doesn't dismiss my review.

@Kwstubbs @owen-mc
Apply suggestions from code review
a94ba25 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
@Kwstubbs
Copy link
Contributor Author

Kwstubbs commented Nov 13, 2024

committing suggestions didn't work 😞

@Kwstubbs Kwstubbs requested a review from owen-mc November 13, 2024 22:48
owen-mc
owen-mc previously approved these changes Nov 13, 2024
View reviewed changes
@owen-mc
Copy link
Contributor

owen-mc commented Nov 13, 2024

committing suggestions didn't work 😞

Shows how much I know 😆 .

@Kwstubbs
Copy link
Contributor Author

Kwstubbs commented Feb 14, 2025

@owen-mc Just wanted to remind to merge since its been a couple months.

@owen-mc
Copy link
Contributor

owen-mc commented Feb 14, 2025
edited
Loading

Oh no! Sorry about that, it slipped off my list. Thanks for prodding me. Also, I forget that other people can't press the merge button 😆 . The postprocess queries that you're using were moved around so I've fixed the references, which should make CI pass.

owen-mc
owen-mc previously approved these changes Feb 14, 2025
View reviewed changes
@owen-mc owen-mc merged commit a9b9410 into github:main Feb 14, 2025
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@owen-mc owen-mc owen-mc approved these changes

Assignees

No one assigned

Labels

documentation Go

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Kwstubbs @owen-mc