From a8afa05b1d4bf4fa70d78f6886f01c59aa731161 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 20 Sep 2023 10:00:53 +0100 Subject: [PATCH] Correct ReplaceAll params ReplaceAll doesn't take a count argument --- go/ql/src/Security/CWE-117/LogInjectionGood.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go/ql/src/Security/CWE-117/LogInjectionGood.go b/go/ql/src/Security/CWE-117/LogInjectionGood.go index a43fa04bbbd3..74bc5e75b2df 100644 --- a/go/ql/src/Security/CWE-117/LogInjectionGood.go +++ b/go/ql/src/Security/CWE-117/LogInjectionGood.go @@ -9,7 +9,7 @@ import ( // GOOD: The user-provided value is escaped before being written to the log. func handlerGood(req *http.Request) { username := req.URL.Query()["username"][0] - escapedUsername := strings.ReplaceAll(username, "\n", "", -1) - escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "", -1) + escapedUsername := strings.ReplaceAll(username, "\n", "") + escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "") log.Printf("user %s logged in.\n", escapedUsername) }