
Commit ec32bdc

fix unsanitized -> sanitized typo, and don't add a new variable just to remove newlines
1 parent 1f27eb3 commit ec32bdc


ruby/ql/src/queries/security/cwe-117/examples/log_injection_good.rb

Lines changed: 2 additions & 3 deletions
@@ -5,9 +5,8 @@ def login
55
logger = Logger.new STDOUT
66
username = params[:username]
77

8-
# GOOD: log message constructed with unsanitized user input
9-
sanitized_username = username.gsub("\n", "")
10-
logger.info "attempting to login user: " + sanitized_username
8+
# GOOD: log message constructed with sanitized user input
9+
logger.info "attempting to login user: " + sanitized_username.gsub("\n", "")
1110

1211
# ... login logic ...
1312
end
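Review bot: the new line 8 still references `sanitized_username`, but the only assignment to it (`sanitized_username = username.gsub("\n", "")`) is deleted in this same hunk, so the "GOOD" example now fails with an undefined local variable instead of logging; the intent of the commit message (no extra variable) is met by calling `gsub` on the variable that remains: `logger.info "attempting to login user: " + username.gsub("\n", "")`. Since this file is the reference "good" example for CWE-117, also consider that removing only `"\n"` leaves carriage returns in place, which can still break a log line; `username.gsub(/[\r\n]/, "")` would make the sanitization the example teaches more complete.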
