Merge pull request github#16107 from erik-krogh/fix-log-injection-typo

erik-krogh · web-flow · commit 35f61d9de498 · 2024-04-03T18:29:37.000+02:00
RB: Tiny fixes to log-injection QHelp
diff --git a/ruby/ql/src/queries/security/cwe-117/examples/log_injection_good.rb b/ruby/ql/src/queries/security/cwe-117/examples/log_injection_good.rb
@@ -5,9 +5,8 @@ def login
     logger = Logger.new STDOUT
     username = params[:username]
 
-    # GOOD: log message constructed with unsanitized user input
-    sanitized_username = username.gsub("\n", "")
-    logger.info "attempting to login user: " + sanitized_username
+    # GOOD: log message constructed with sanitized user input
+    logger.info "attempting to login user: " + sanitized_username.gsub("\n", "")
 
     # ... login logic ...
   end
