Fix codeql warnings
parent
dbedc99421
commit
8f7ab280e2
2
go.mod
2
go.mod
|
@ -121,7 +121,7 @@ require (
|
||||||
go.uber.org/zap v1.17.0 // indirect
|
go.uber.org/zap v1.17.0 // indirect
|
||||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
|
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
|
||||||
golang.org/x/net v0.0.0-20211006190231-62292e806868 // indirect
|
golang.org/x/net v0.0.0-20211006190231-62292e806868 // indirect
|
||||||
golang.org/x/sys v0.0.0-20211006225509-1a26e0398eed // indirect
|
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac // indirect
|
||||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
|
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
|
||||||
golang.org/x/text v0.3.7 // indirect
|
golang.org/x/text v0.3.7 // indirect
|
||||||
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
|
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"regexp"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Message for rocketchat outgoing webhook.
|
// Message for rocketchat outgoing webhook.
|
||||||
|
@ -68,7 +69,6 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
msg := Message{}
|
msg := Message{}
|
||||||
body, err := ioutil.ReadAll(r.Body)
|
body, err := ioutil.ReadAll(r.Body)
|
||||||
log.Println(string(body))
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
http.NotFound(w, r)
|
http.NotFound(w, r)
|
||||||
|
@ -89,7 +89,11 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
msg.ChannelName = "#" + msg.ChannelName
|
msg.ChannelName = "#" + msg.ChannelName
|
||||||
if c.Token != "" {
|
if c.Token != "" {
|
||||||
if msg.Token != c.Token {
|
if msg.Token != c.Token {
|
||||||
log.Println("invalid token " + msg.Token + " from " + r.RemoteAddr)
|
if regexp.MustCompile(`[^a-zA-Z0-9]+`).MatchString(msg.Token) {
|
||||||
|
log.Println("invalid token " + msg.Token + " from " + r.RemoteAddr)
|
||||||
|
} else {
|
||||||
|
log.Println("invalid token from " + r.RemoteAddr)
|
||||||
|
}
|
||||||
http.NotFound(w, r)
|
http.NotFound(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
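Review bot: The new regexp guard in the invalid-token branch is inverted: `[^a-zA-Z0-9]+` matches when the token contains a character outside the alphanumeric set, so the raw `msg.Token` is still written to the log exactly when it can carry newlines or other control characters, and it is omitted when it is plain alphanumeric. Match the allowed form instead, for example a package-level `var tokenRe = regexp.MustCompile("^[a-zA-Z0-9]+$")` with `if tokenRe.MatchString(msg.Token) {`, which also avoids compiling the pattern on every rejected request. A rejected value may be a near-miss of the configured secret, so consider logging only `r.RemoteAddr`, or formatting the token with `%q` if it has to appear. ServeHTTP starts and ends outside this hunk.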
||||||
|
|
|
@ -488,7 +488,7 @@ golang.org/x/oauth2
|
||||||
golang.org/x/oauth2/clientcredentials
|
golang.org/x/oauth2/clientcredentials
|
||||||
golang.org/x/oauth2/internal
|
golang.org/x/oauth2/internal
|
||||||
golang.org/x/oauth2/microsoft
|
golang.org/x/oauth2/microsoft
|
||||||
# golang.org/x/sys v0.0.0-20211006225509-1a26e0398eed
|
# golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac
|
||||||
## explicit; go 1.17
|
## explicit; go 1.17
|
||||||
golang.org/x/sys/cpu
|
golang.org/x/sys/cpu
|
||||||
golang.org/x/sys/internal/unsafeheader
|
golang.org/x/sys/internal/unsafeheader
|
||||||
|
|