author | Wim <wim@42.be> | 2021-12-19 14:39:24 +0100 |
---|---|---|
committer | Wim <wim@42.be> | 2021-12-19 14:39:24 +0100 |
commit | 8f7ab280e2ea4011ad3c495d7ef843d82dec2be5 (patch) | |
tree | 931b7b1f5dd7332e180e989cca88c83f12624c79 | |
parent | dbedc994216fa2e932f1aefd3ea27832419b85ef (diff) | |
Fix codeql warnings
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | hook/rockethook/rockethook.go | 8 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
3 files changed, 8 insertions, 4 deletions
@@ -121,7 +121,7 @@ require (
 go.uber.org/zap v1.17.0 // indirect
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
 golang.org/x/net v0.0.0-20211006190231-62292e806868 // indirect
- golang.org/x/sys v0.0.0-20211006225509-1a26e0398eed // indirect
+ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac // indirect
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
 golang.org/x/text v0.3.7 // indirect
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
diff --git a/hook/rockethook/rockethook.go b/hook/rockethook/rockethook.go
index 1ac8cb02..38f53e4a 100644
--- a/hook/rockethook/rockethook.go
+++ b/hook/rockethook/rockethook.go
@@ -7,6 +7,7 @@ import (
 "log"
 "net"
 "net/http"
+ "regexp"
 )
 
 // Message for rocketchat outgoing webhook.
@@ -68,7 +69,6 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 msg := Message{}
 body, err := ioutil.ReadAll(r.Body)
- log.Println(string(body))
 if err != nil {
 log.Println(err)
 http.NotFound(w, r)
@@ -89,7 +89,11 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 msg.ChannelName = "#" + msg.ChannelName
 if c.Token != "" {
 if msg.Token != c.Token {
- log.Println("invalid token " + msg.Token + " from " + r.RemoteAddr)
+ if regexp.MustCompile(`[^a-zA-Z0-9]+`).MatchString(msg.Token) {
+ log.Println("invalid token " + msg.Token + " from " + r.RemoteAddr)
+ } else {
+ log.Println("invalid token from " + r.RemoteAddr)
+ }
 http.NotFound(w, r)
 return
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ee3f36dd..3be7583c 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -488,7 +488,7 @@ golang.org/x/oauth2
 golang.org/x/oauth2/clientcredentials
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/microsoft
-# golang.org/x/sys v0.0.0-20211006225509-1a26e0398eed
+# golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac
 ## explicit; go 1.17
 golang.org/x/sys/cpu
 golang.org/x/sys/internal/unsafeheader |
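Review bot: The guard added in the `msg.Token != c.Token` branch of the third rockethook.go hunk appears inverted: `[^a-zA-Z0-9]+` matches when the token contains a non-alphanumeric character, so the branch that still concatenates `msg.Token` into the log line runs for exactly the tokens that can carry CR/LF or other control bytes, and purely alphanumeric tokens are the ones left out. Because the value comes straight from the request and may be a near-miss of the configured secret, the simplest fix is to replace the whole `if`/`else` with the single line `log.Println("invalid token from " + r.RemoteAddr)`; if the token is really needed for debugging, `log.Printf("invalid token %q from %s", msg.Token, r.RemoteAddr)` escapes control characters instead. Either form also removes the `regexp.MustCompile` call that currently runs on every rejected request. ServeHTTP's body starts and ends outside this hunk.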