authorWim <wim@42.be>2021-12-19 14:39:24 +0100
committerWim <wim@42.be>2021-12-19 14:39:24 +0100
commit8f7ab280e2ea4011ad3c495d7ef843d82dec2be5 (patch)
tree931b7b1f5dd7332e180e989cca88c83f12624c79
parentdbedc994216fa2e932f1aefd3ea27832419b85ef (diff)
Fix codeql warnings
-rw-r--r--go.mod2
-rw-r--r--hook/rockethook/rockethook.go8
-rw-r--r--vendor/modules.txt2
3 files changed, 8 insertions, 4 deletions
diff --git a/go.mod b/go.mod
index c17b9a32..3371e9d2 100644
--- a/go.mod
+++ b/go.mod
@@ -121,7 +121,7 @@ require (
go.uber.org/zap v1.17.0 // indirect
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
golang.org/x/net v0.0.0-20211006190231-62292e806868 // indirect
- golang.org/x/sys v0.0.0-20211006225509-1a26e0398eed // indirect
+ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac // indirect
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
diff --git a/hook/rockethook/rockethook.go b/hook/rockethook/rockethook.go
index 1ac8cb02..38f53e4a 100644
--- a/hook/rockethook/rockethook.go
+++ b/hook/rockethook/rockethook.go
@@ -7,6 +7,7 @@ import (
"log"
"net"
"net/http"
+ "regexp"
)
// Message for rocketchat outgoing webhook.
@@ -68,7 +69,6 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
msg := Message{}
body, err := ioutil.ReadAll(r.Body)
- log.Println(string(body))
if err != nil {
log.Println(err)
http.NotFound(w, r)
@@ -89,7 +89,11 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
msg.ChannelName = "#" + msg.ChannelName
if c.Token != "" {
if msg.Token != c.Token {
- log.Println("invalid token " + msg.Token + " from " + r.RemoteAddr)
+ if regexp.MustCompile(`[^a-zA-Z0-9]+`).MatchString(msg.Token) {
+ log.Println("invalid token " + msg.Token + " from " + r.RemoteAddr)
+ } else {
+ log.Println("invalid token from " + r.RemoteAddr)
+ }
http.NotFound(w, r)
return
}
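Review bot: The regexp test on the added `if` line is inverted: `[^a-zA-Z0-9]+` matches when the token contains a character outside the alphanumeric set, so the branch that still concatenates `msg.Token` into the log line is taken exactly for tokens carrying newlines or other control characters, while purely alphanumeric tokens are the ones omitted. The token is request-supplied data and a rejected value may be a near miss of the real secret, so the simplest fix is to drop both branches and keep only `log.Println("invalid token from " + r.RemoteAddr)`. If the value is needed for debugging, `log.Printf("invalid token %q from %s", msg.Token, r.RemoteAddr)` escapes it instead. The pattern is also compiled on every rejected request; a package-level `regexp.MustCompile` would avoid that if the check is kept. ServeHTTP starts and ends outside this hunk.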
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ee3f36dd..3be7583c 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -488,7 +488,7 @@ golang.org/x/oauth2
golang.org/x/oauth2/clientcredentials
golang.org/x/oauth2/internal
golang.org/x/oauth2/microsoft
-# golang.org/x/sys v0.0.0-20211006225509-1a26e0398eed
+# golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac
## explicit; go 1.17
golang.org/x/sys/cpu
golang.org/x/sys/internal/unsafeheader