You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@eventmesh.apache.org by ch...@apache.org on 2023/01/13 12:44:28 UTC
[incubator-eventmesh] 01/01: fix go server security issue
This is an automated email from the ASF dual-hosted git repository.
chenzhou pushed a commit to branch fix-go-server-security-issue
in repository https://gitbox.apache.org/repos/asf/incubator-eventmesh.git
commit c2609fdc8e7974ed4066f368094ebf069225bd1b
Author: horoc <ho...@gmail.com>
AuthorDate: Fri Jan 13 20:44:11 2023 +0800
fix go server security issue
---
eventmesh-server-go/examples/webhook/main.go | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/eventmesh-server-go/examples/webhook/main.go b/eventmesh-server-go/examples/webhook/main.go
index 66318d3e9..220be552b 100644
--- a/eventmesh-server-go/examples/webhook/main.go
+++ b/eventmesh-server-go/examples/webhook/main.go
@@ -62,10 +62,8 @@ func main() {
c.JSON(http.StatusOK, Err(err, "-1"))
return
}
- sps := strings.Split(content, "&")
- for _, sp := range sps {
- fmt.Println(sp)
- }
+
+ fmt.Printf("query content: %s \n", contentEscape(content))
c.JSON(http.StatusOK, OK("OK"))
}
router.Any("/*anypath", func(c *gin.Context) {
@@ -78,3 +76,9 @@ func main() {
panic(err)
}
}
+
+func contentEscape(content string) string {
+ escapedContent := strings.Replace(content, "\n", "", -1)
+ escapedContent = strings.Replace(content, "\r", "", -1)
+ return escapedContent
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: commits-help@eventmesh.apache.org