Add Go license to logger_strings.go

Author: aldas

middleware/logger_strings.go

@@ -1,6 +1,41 @@
+// SPDX-License-Identifier: BSD-3-Clause
+// SPDX-FileCopyrightText: Copyright 2010 The Go Authors
+//
 // Copyright 2010 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
+//
+//
+// Go LICENSE https://raw.githubusercontent.com/golang/go/36bca3166e18db52687a4d91ead3f98ffe6d00b8/LICENSE
+/**
+Copyright 2009 The Go Authors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google LLC nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
 
 package middleware
 
@@ -37,6 +72,7 @@ func writeJSONSafeString(buf *bytes.Buffer, src string) (int, error) {
 				}
 			case '\b':
 				n, err := buf.Write([]byte{'\\', 'b'})
+				written += n
 				if err != nil {
 					return n, err
 				}
@@ -47,7 +83,7 @@ func writeJSONSafeString(buf *bytes.Buffer, src string) (int, error) {
 					return written, err
 				}
 			case '\n':
-				n, err := buf.Write([]byte{'\\', 'f'})
+				n, err := buf.Write([]byte{'\\', 'n'})
 				written += n
 				if err != nil {
 					return written, err
@@ -66,10 +102,6 @@ func writeJSONSafeString(buf *bytes.Buffer, src string) (int, error) {
 				}
 			default:
 				// This encodes bytes < 0x20 except for \b, \f, \n, \r and \t.
-				// If escapeHTML is set, it also escapes <, >, and &
-				// because they can lead to security holes when
-				// user-controlled strings are rendered into JSON
-				// and served to some browsers.
 				n, err := buf.Write([]byte{'\\', 'u', '0', '0', hex[b>>4], hex[b&0xF]})
 				written += n
 				if err != nil {
@@ -80,10 +112,6 @@ func writeJSONSafeString(buf *bytes.Buffer, src string) (int, error) {
 			start = i
 			continue
 		}
-		// TODO(https://go.dev/issue/56948): Use generic utf8 functionality.
-		// For now, cast only a small portion of byte slices to a string
-		// so that it can be stack allocated. This slows down []byte slightly
-		// due to the extra copy, but keeps string performance roughly the same.
 		srcN := min(len(src)-i, utf8.UTFMax)
 		c, size := utf8.DecodeRuneInString(src[i : i+srcN])
 		if c == utf8.RuneError && size == 1 {
@@ -101,29 +129,6 @@ func writeJSONSafeString(buf *bytes.Buffer, src string) (int, error) {
 			start = i
 			continue
 		}
-		// U+2028 is LINE SEPARATOR.
-		// U+2029 is PARAGRAPH SEPARATOR.
-		// They are both technically valid characters in JSON strings,
-		// but don't work in JSONP, which has to be evaluated as JavaScript,
-		// and can lead to security holes there. It is valid JSON to
-		// escape them, so we do so unconditionally.
-		// See https://en.wikipedia.org/wiki/JSON#Safety.
-		if c == '\u2028' || c == '\u2029' {
-			n, err := buf.Write([]byte(src[start:i]))
-			written += n
-			if err != nil {
-				return written, err
-			}
-			n, err = buf.Write([]byte{'\\', 'u', '2', '0', '2', hex[c&0xF]})
-			written += n
-			if err != nil {
-				return written, err
-			}
-
-			i += size
-			start = i
-			continue
-		}
 		i += size
 	}
 	n, err := buf.Write([]byte(src[start:]))

middleware/logger_strings_test.go

@@ -0,0 +1,285 @@
+package middleware
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWriteJSONSafeString(t *testing.T) {
+	testCases := []struct {
+		name      string
+		whenInput string
+		expect    string
+		expectN   int
+	}{
+		// Basic cases
+		{
+			name:      "empty string",
+			whenInput: "",
+			expect:    "",
+			expectN:   0,
+		},
+		{
+			name:      "simple ASCII without special chars",
+			whenInput: "hello",
+			expect:    "hello",
+			expectN:   5,
+		},
+		{
+			name:      "single character",
+			whenInput: "a",
+			expect:    "a",
+			expectN:   1,
+		},
+		{
+			name:      "alphanumeric",
+			whenInput: "Hello123World",
+			expect:    "Hello123World",
+			expectN:   13,
+		},
+
+		// Special character escaping
+		{
+			name:      "backslash",
+			whenInput: `path\to\file`,
+			expect:    `path\\to\\file`,
+			expectN:   14,
+		},
+		{
+			name:      "double quote",
+			whenInput: `say "hello"`,
+			expect:    `say \"hello\"`,
+			expectN:   13,
+		},
+		{
+			name:      "backslash and quote combined",
+			whenInput: `a\b"c`,
+			expect:    `a\\b\"c`,
+			expectN:   7,
+		},
+		{
+			name:      "single backslash",
+			whenInput: `\`,
+			expect:    `\\`,
+			expectN:   2,
+		},
+		{
+			name:      "single quote",
+			whenInput: `"`,
+			expect:    `\"`,
+			expectN:   2,
+		},
+
+		// Control character escaping
+		{
+			name:      "backspace",
+			whenInput: "hello\bworld",
+			expect:    `hello\bworld`,
+			expectN:   12,
+		},
+		{
+			name:      "form feed",
+			whenInput: "hello\fworld",
+			expect:    `hello\fworld`,
+			expectN:   12,
+		},
+		{
+			name:      "newline",
+			whenInput: "hello\nworld",
+			expect:    `hello\nworld`,
+			expectN:   12,
+		},
+		{
+			name:      "carriage return",
+			whenInput: "hello\rworld",
+			expect:    `hello\rworld`,
+			expectN:   12,
+		},
+		{
+			name:      "tab",
+			whenInput: "hello\tworld",
+			expect:    `hello\tworld`,
+			expectN:   12,
+		},
+		{
+			name:      "multiple newlines",
+			whenInput: "line1\nline2\nline3",
+			expect:    `line1\nline2\nline3`,
+			expectN:   19,
+		},
+
+		// Low control characters (< 0x20)
+		{
+			name:      "null byte",
+			whenInput: "hello\x00world",
+			expect:    `hello\u0000world`,
+			expectN:   16,
+		},
+		{
+			name:      "control character 0x01",
+			whenInput: "test\x01value",
+			expect:    `test\u0001value`,
+			expectN:   15,
+		},
+		{
+			name:      "control character 0x0e",
+			whenInput: "test\x0evalue",
+			expect:    `test\u000evalue`,
+			expectN:   15,
+		},
+		{
+			name:      "control character 0x1f",
+			whenInput: "test\x1fvalue",
+			expect:    `test\u001fvalue`,
+			expectN:   15,
+		},
+		{
+			name:      "multiple control characters",
+			whenInput: "\x00\x01\x02",
+			expect:    `\u0000\u0001\u0002`,
+			expectN:   18,
+		},
+
+		// UTF-8 handling
+		{
+			name:      "valid UTF-8 Chinese",
+			whenInput: "hello 世界",
+			expect:    "hello 世界",
+			expectN:   12,
+		},
+		{
+			name:      "valid UTF-8 emoji",
+			whenInput: "party 🎉 time",
+			expect:    "party 🎉 time",
+			expectN:   15,
+		},
+		{
+			name:      "mixed ASCII and UTF-8",
+			whenInput: "Hello世界123",
+			expect:    "Hello世界123",
+			expectN:   14,
+		},
+		{
+			name:      "UTF-8 with special chars",
+			whenInput: "世界\n\"test\"",
+			expect:    `世界\n\"test\"`,
+			expectN:   16,
+		},
+
+		// Invalid UTF-8
+		{
+			name:      "invalid UTF-8 sequence",
+			whenInput: "hello\xff\xfeworld",
+			expect:    `hello\ufffd\ufffdworld`,
+			expectN:   22,
+		},
+		{
+			name:      "incomplete UTF-8 sequence",
+			whenInput: "test\xc3value",
+			expect:    `test\ufffdvalue`,
+			expectN:   15,
+		},
+
+		// Complex mixed cases
+		{
+			name:      "all common escapes",
+			whenInput: "tab\there\nquote\"backslash\\",
+			expect:    `tab\there\nquote\"backslash\\`,
+			expectN:   29,
+		},
+		{
+			name:      "mixed controls and UTF-8",
+			whenInput: "hello\t世界\ntest\"",
+			expect:    `hello\t世界\ntest\"`,
+			expectN:   21,
+		},
+		{
+			name:      "all control characters",
+			whenInput: "\b\f\n\r\t",
+			expect:    `\b\f\n\r\t`,
+			expectN:   10,
+		},
+		{
+			name:      "control and low ASCII",
+			whenInput: "a\nb\x00c",
+			expect:    `a\nb\u0000c`,
+			expectN:   11,
+		},
+
+		// Edge cases
+		{
+			name:      "starts with special char",
+			whenInput: "\\start",
+			expect:    `\\start`,
+			expectN:   7,
+		},
+		{
+			name:      "ends with special char",
+			whenInput: "end\"",
+			expect:    `end\"`,
+			expectN:   5,
+		},
+		{
+			name:      "consecutive special chars",
+			whenInput: "\\\\\"\"",
+			expect:    `\\\\\"\"`,
+			expectN:   8,
+		},
+		{
+			name:      "only special characters",
+			whenInput: "\"\\\n\t",
+			expect:    `\"\\\n\t`,
+			expectN:   8,
+		},
+		{
+			name:      "spaces and punctuation",
+			whenInput: "Hello, World! How are you?",
+			expect:    "Hello, World! How are you?",
+			expectN:   26,
+		},
+		{
+			name:      "JSON-like string",
+			whenInput: "{\"key\":\"value\"}",
+			expect:    `{\"key\":\"value\"}`,
+			expectN:   19,
+		},
+	}
+
+	for _, tt := range testCases {
+		t.Run(tt.name, func(t *testing.T) {
+			buf := &bytes.Buffer{}
+			n, err := writeJSONSafeString(buf, tt.whenInput)
+
+			assert.NoError(t, err)
+			assert.Equal(t, tt.expect, buf.String())
+			assert.Equal(t, tt.expectN, n)
+		})
+	}
+}
+
+func BenchmarkWriteJSONSafeString(b *testing.B) {
+	testCases := []struct {
+		name  string
+		input string
+	}{
+		{"simple", "hello world"},
+		{"with escapes", "tab\there\nquote\"backslash\\"},
+		{"utf8", "hello 世界 🎉"},
+		{"mixed", "Hello\t世界\ntest\"value\\path"},
+		{"long simple", "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789"},
+		{"long complex", "line1\nline2\tline3\"quote\\slash\x00null世界🎉"},
+	}
+
+	for _, tc := range testCases {
+		b.Run(tc.name, func(b *testing.B) {
+			buf := &bytes.Buffer{}
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				buf.Reset()
+				writeJSONSafeString(buf, tc.input)
+			}
+		})
+	}
+}