Skip to content

Commit e3da955

Browse files
Add negative test for zap encoder sanitizer
1 parent 4598e8b commit e3da955

File tree

1 file changed

+30
-0
lines changed

1 file changed

+30
-0
lines changed
Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
package main
2+
3+
import (
4+
"go.uber.org/zap/zapcore"
5+
)
6+
7+
// Custom encoder that sanitizes strings before encoding.
8+
// The query should treat flows through AddString as sanitized.
9+
10+
type MySanitizingEncoder struct {
11+
zapcore.Encoder
12+
}
13+
14+
func (e *MySanitizingEncoder) AddString(key, val string) {
15+
sanitized := sanitize(val)
16+
e.Encoder.AddString(key, sanitized)
17+
}
18+
19+
func sanitize(s string) string {
20+
// placeholder sanitizer; replace with real escaping in production
21+
return s
22+
}
23+
24+
func main() {
25+
val := readUser()
26+
enc := &MySanitizingEncoder{}
27+
enc.AddString("k", val) // flow passes through sanitizer; should not be reported
28+
}
29+
30+
func readUser() string { return "line\ninjection" }

0 commit comments

Comments
 (0)