feat: setup-gap-authz#996
| // handleHealthz is a simple health check endpoint | ||
| func handleHealthz(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Health check request: %s", r.URL.Path) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the r.URL.Path to prevent log forgery. This can be done using the strings.ReplaceAll function to replace newline characters with an empty string. This ensures that the log entries are safe and cannot be manipulated by malicious users.
| @@ -233,3 +233,5 @@ | ||
| func handleHealthz(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Health check request: %s", r.URL.Path) | ||
| sanitizedPath := strings.ReplaceAll(r.URL.Path, "\n", "") | ||
| sanitizedPath = strings.ReplaceAll(sanitizedPath, "\r", "") | ||
| log.Printf("Health check request: %s", sanitizedPath) | ||
| fmt.Fprint(w, "OK") |
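Review bot: Stripping only "\n" and "\r" before the new `log.Printf` on the sanitizedPath line still lets other control and non-printable bytes into the log, and the same two-line ReplaceAll pattern is then copy-pasted into the handleNotFound, ensurePort443, handleCheck and addHeader suggestions below. Formatting the client-controlled value with `%q` escapes every control character in one step and makes an empty path visible, so the original line can simply become `log.Printf("Health check request: %q", r.URL.Path)` with no temporaries. If a sanitized copy is preferred, one shared `sanitizeForLog(s string) string` helper used by every handler is easier to keep consistent than repeating the two calls per site. The suggestion also assumes `strings` is already imported in this file, which the excerpt does not show.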
| // handleNotFound handles all other paths, logs the request path, and returns a 404 | ||
| func handleNotFound(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Not found request: %s %s", r.Method, r.URL.Path) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the r.URL.Path to prevent log forgery. This can be done using the strings.ReplaceAll function to replace newline characters with an empty string. This ensures that the log entry remains a single line and cannot be manipulated by a malicious user.
| @@ -239,3 +239,5 @@ | ||
| func handleNotFound(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Not found request: %s %s", r.Method, r.URL.Path) | ||
| sanitizedPath := strings.ReplaceAll(r.URL.Path, "\n", "") | ||
| sanitizedPath = strings.ReplaceAll(sanitizedPath, "\r", "") | ||
| log.Printf("Not found request: %s %s", r.Method, sanitizedPath) | ||
| http.Error(w, "Not Found", http.StatusNotFound) |
| if re.MatchString(authority) { | ||
| // Replace the port with 443 | ||
| newAuthority := regexp.MustCompile(":\\d+$").ReplaceAllString(authority, ":443") | ||
| log.Printf("Updated authority header from %s to %s", authority, newAuthority) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the authority header before logging it. This can be done by removing any newline characters from the authority value. We can use the strings.ReplaceAll function to replace \n and \r characters with an empty string. This ensures that the logged value does not contain any characters that could be used to forge log entries.
| @@ -169,3 +169,5 @@ | ||
| newAuthority := regexp.MustCompile(":\\d+$").ReplaceAllString(authority, ":443") | ||
| log.Printf("Updated authority header from %s to %s", authority, newAuthority) | ||
| sanitizedAuthority := strings.ReplaceAll(authority, "\n", "") | ||
| sanitizedAuthority = strings.ReplaceAll(sanitizedAuthority, "\r", "") | ||
| log.Printf("Updated authority header from %s to %s", sanitizedAuthority, newAuthority) | ||
| return newAuthority | ||
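Review bot: `regexp.MustCompile(":\\d+$")` on the line directly above the new sanitization compiles the pattern on every call of ensurePort443; hoist it to package scope as `var trailingPortRe = regexp.MustCompile(":\\d+$")` and write `newAuthority := trailingPortRe.ReplaceAllString(authority, ":443")` here. The `re.MatchString(authority)` guard shown in the flagged excerpt indicates a compiled pattern is already in scope; if it matches the same trailing-port form, the replace can reuse it instead of a second regexp. ensurePort443 starts outside this hunk.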
| @@ -198,3 +200,5 @@ | ||
| } | ||
| log.Printf("Received Authority header: %s", authority) | ||
| sanitizedAuthority := strings.ReplaceAll(authority, "\n", "") | ||
| sanitizedAuthority = strings.ReplaceAll(sanitizedAuthority, "\r", "") | ||
| log.Printf("Received Authority header: %s", sanitizedAuthority) | ||
| if re.MatchString(authority) { | ||
| // Replace the port with 443 | ||
| newAuthority := regexp.MustCompile(":\\d+$").ReplaceAllString(authority, ":443") | ||
| log.Printf("Updated authority header from %s to %s", authority, newAuthority) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the authority header to prevent log forgery. This can be done using the strings.ReplaceAll function to replace newline characters with an empty string. We should apply this sanitization in the ensurePort443 function before logging the newAuthority.
| @@ -169,3 +169,7 @@ | ||
| newAuthority := regexp.MustCompile(":\\d+$").ReplaceAllString(authority, ":443") | ||
| log.Printf("Updated authority header from %s to %s", authority, newAuthority) | ||
| sanitizedAuthority := strings.ReplaceAll(authority, "\n", "") | ||
| sanitizedAuthority = strings.ReplaceAll(sanitizedAuthority, "\r", "") | ||
| sanitizedNewAuthority := strings.ReplaceAll(newAuthority, "\n", "") | ||
| sanitizedNewAuthority = strings.ReplaceAll(sanitizedNewAuthority, "\r", "") | ||
| log.Printf("Updated authority header from %s to %s", sanitizedAuthority, sanitizedNewAuthority) | ||
| return newAuthority |
| // handleCheck processes auth requests from Envoy | ||
| func handleCheck(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Check: %s %s %s", r.Method, r.URL.Path, r.UserAgent()) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the user input before logging it. Since the log entries are plain text, we should remove any line breaks from the user input to prevent log forgery. We can use the strings.ReplaceAll function to replace newline characters with an empty string. This ensures that the user input cannot introduce new log entries or otherwise manipulate the log format.
We will apply this sanitization to the r.URL.Path value before logging it on line 189. Additionally, we will sanitize the authority value before logging it on lines 197 and 199.
| @@ -188,3 +188,5 @@ | ||
| func handleCheck(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Check: %s %s %s", r.Method, r.URL.Path, r.UserAgent()) | ||
| sanitizedPath := strings.ReplaceAll(r.URL.Path, "\n", "") | ||
| sanitizedPath = strings.ReplaceAll(sanitizedPath, "\r", "") | ||
| log.Printf("Check: %s %s %s", r.Method, sanitizedPath, r.UserAgent()) | ||
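Review bot: The rewritten log line still passes `r.UserAgent()` through `%s` unescaped while only `r.URL.Path` gets the ReplaceAll treatment, and the later suggestion on this same line (the one introducing `userAgent`) does the reverse, so applying either alone leaves one client-controlled field unsanitized and applying both needs a manual merge. A single `log.Printf("Check: %s %q %q", r.Method, r.URL.Path, r.UserAgent())` escapes both fields and needs no temporaries. In the second hunk of this suggestion the same `authority` value is sanitized twice through two separate `sanitizedAuthority` declarations, one inside the `if` and one after it; with `%q` on both Printf calls neither temporary is needed. handleCheck continues past the end of both hunks.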
| @@ -196,5 +198,9 @@ | ||
| authority = r.Host | ||
| log.Printf("No :authority header found, using Host header: %s", authority) | ||
| sanitizedAuthority := strings.ReplaceAll(authority, "\n", "") | ||
| sanitizedAuthority = strings.ReplaceAll(sanitizedAuthority, "\r", "") | ||
| log.Printf("No :authority header found, using Host header: %s", sanitizedAuthority) | ||
| } | ||
| log.Printf("Received Authority header: %s", authority) | ||
| sanitizedAuthority := strings.ReplaceAll(authority, "\n", "") | ||
| sanitizedAuthority = strings.ReplaceAll(sanitizedAuthority, "\r", "") | ||
| log.Printf("Received Authority header: %s", sanitizedAuthority) | ||
| // handleCheck processes auth requests from Envoy | ||
| func handleCheck(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Check: %s %s %s", r.Method, r.URL.Path, r.UserAgent()) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the user agent string before logging it. This can be done by removing any newline characters from the user agent string to prevent log forgery. We can use the strings.ReplaceAll function to replace newline characters with an empty string. This ensures that the user agent string is safe to log.
The changes should be made in the handleCheck function where the user agent string is logged. Specifically, we need to sanitize the r.UserAgent() value before including it in the log entry.
| @@ -188,3 +188,5 @@ | ||
| func handleCheck(w http.ResponseWriter, r *http.Request) { | ||
| log.Printf("Check: %s %s %s", r.Method, r.URL.Path, r.UserAgent()) | ||
| userAgent := strings.ReplaceAll(r.UserAgent(), "\n", "") | ||
| userAgent = strings.ReplaceAll(userAgent, "\r", "") | ||
| log.Printf("Check: %s %s %s", r.Method, r.URL.Path, userAgent) | ||
| authority = r.Host | ||
| log.Printf("No :authority header found, using Host header: %s", authority) | ||
| } | ||
| log.Printf("Received Authority header: %s", authority) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the authority value before logging it. This can be done by removing any newline characters from the authority string to prevent log forgery. We will use the strings.ReplaceAll function to replace newline characters with an empty string. This ensures that the log entries are safe and cannot be manipulated by malicious users.
| @@ -198,3 +198,5 @@ | ||
| } | ||
| log.Printf("Received Authority header: %s", authority) | ||
| sanitizedAuthority := strings.ReplaceAll(authority, "\n", "") | ||
| sanitizedAuthority = strings.ReplaceAll(sanitizedAuthority, "\r", "") | ||
| log.Printf("Received Authority header: %s", sanitizedAuthority) | ||
| func addHeader(w http.ResponseWriter, headerName, headerValue string, logValue bool) { | ||
| if logValue { | ||
| log.Printf("Adding header: %s=%s", headerName, headerValue) |
Code scanning / CodeQL
Log entries created from user input High
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the headerValue to prevent log forgery. This can be achieved using the strings.ReplaceAll function to replace newline characters with an empty string. We should apply this sanitization in the addHeader function where the logging occurs.
| @@ -178,3 +178,5 @@ | ||
| if logValue { | ||
| log.Printf("Adding header: %s=%s", headerName, headerValue) | ||
| sanitizedHeaderValue := strings.ReplaceAll(headerValue, "\n", "") | ||
| sanitizedHeaderValue = strings.ReplaceAll(sanitizedHeaderValue, "\r", "") | ||
| log.Printf("Adding header: %s=%s", headerName, sanitizedHeaderValue) | ||
| } else { |
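Review bot: addHeader's signature, shown in the flagged excerpt above, carries no doc comment, unlike the neighbouring handlers in this file (`// handleHealthz is a simple health check endpoint`); add one that states the logValue contract, for example `// addHeader sets headerName on w; headerValue is written to the log only when logValue is true.` (adjusted to what the body outside this hunk actually does). On the new log line headerName is still formatted with `%s`; that is fine if callers pass fixed names, but the excerpt does not show the callers, and if a name can originate from the request it needs the same escaping as the value, which `%q` on both verbs would give in one step. The else branch and the rest of addHeader are outside the hunk.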
Closing in favour of #997.
No description provided.