Potential fix for code scanning alert no. 23: Log entries created from user input

akabarki76 · github-advanced-security[bot] · web-flow · commit b484b564f2b9 · 2025-07-16T02:10:10.000+01:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/third-party/github.com/letsencrypt/boulder/web/context.go b/third-party/github.com/letsencrypt/boulder/web/context.go
@@ -141,6 +141,10 @@ func (th *TopHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		realIP = "0.0.0.0"
 	}
 
+	// Sanitize the realIP value to remove newline and carriage return characters.
+	realIP = strings.ReplaceAll(realIP, "\n", "")
+	realIP = strings.ReplaceAll(realIP, "\r", "")
+
 	userAgent := r.Header.Get("User-Agent")
 
 	logEvent := &RequestEvent{

Original file line number	Diff line number	Diff line change
`@@ -141,6 +141,10 @@ func (th TopHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
`141`	`141`	`realIP = "0.0.0.0"`
`142`	`142`	`}`
`143`	`143`
	`144`	`+ // Sanitize the realIP value to remove newline and carriage return characters.`
	`145`	`+ realIP = strings.ReplaceAll(realIP, "\n", "")`
	`146`	`+ realIP = strings.ReplaceAll(realIP, "\r", "")`
	`147`	`+`
`144`	`148`	`userAgent := r.Header.Get("User-Agent")`
`145`	`149`
`146`	`150`	`logEvent := &RequestEvent{`