Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #13789 from heww/fix-codeql-errors 

fix: fix errors detected by codeql
This commit is contained in:
Daniel Jiang 2020-12-17 15:16:51 +08:00 committed by GitHub
parent b0c8cadad7 18b850782e
commit bc2a161f13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/common/utils/uaa/test/server.go
View File

@ -16,6 +16,7 @@ package test
import (
"fmt"
"html"
"io/ioutil"
"net/http"
"net/http/httptest"
@ -60,12 +61,12 @@ func (t *tokenHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
if reqUsername == t.username && reqPasswd == t.password {
serveToken(rw)
} else {
http.Error(rw, fmt.Sprintf("invalid username/password %s/%s", reqUsername, reqPasswd), http.StatusUnauthorized)
http.Error(rw, fmt.Sprintf("invalid username/password %s/%s", html.EscapeString(reqUsername), html.EscapeString(reqPasswd)), http.StatusUnauthorized)
}
} else if gt == "client_credentials" {
serveToken(rw)
} else {
http.Error(rw, fmt.Sprintf("invalid grant_type: %s", gt), http.StatusBadRequest)
http.Error(rw, fmt.Sprintf("invalid grant_type: %s", html.EscapeString(gt)), http.StatusBadRequest)
return
}
}
@ -130,7 +131,7 @@ func (su *searchUserHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request
http.Error(rw, "invalid request", http.StatusBadRequest)
return
}
http.Error(rw, fmt.Sprintf("Invalid request, elements: %v", elements), http.StatusBadRequest)
http.Error(rw, html.EscapeString(fmt.Sprintf("Invalid request, elements: %v", elements)), http.StatusBadRequest)
}
// NewMockServer ...

14
src/core/auth/authproxy/test/server.go
View File

@ -17,12 +17,14 @@ package test
import (
"encoding/json"
"fmt"
"github.com/goharbor/harbor/src/common/utils"
"html"
"io/ioutil"
"k8s.io/api/authentication/v1beta1"
"net/http"
"net/http/httptest"
"strings"
"github.com/goharbor/harbor/src/common/utils"
"k8s.io/api/authentication/v1beta1"
)
type userEntry struct {
@ -60,7 +62,7 @@ func (ah *authHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
}
}
}
http.Error(rw, fmt.Sprintf("Do not find entry in entrylist, username: %s", u), http.StatusUnauthorized)
http.Error(rw, fmt.Sprintf("Do not find entry in entrylist, username: %s", html.EscapeString(u)), http.StatusUnauthorized)
}
}
@ -74,11 +76,11 @@ func (rth *reviewTokenHandler) ServeHTTP(rw http.ResponseWriter, req *http.Reque
}
bodyBytes, err := ioutil.ReadAll(req.Body)
if err != nil {
http.Error(rw, fmt.Sprintf("failed to read request body, error: %v", err), http.StatusBadRequest)
http.Error(rw, html.EscapeString(fmt.Sprintf("failed to read request body, error: %v", err)), http.StatusBadRequest)
}
reviewData := &v1beta1.TokenReview{}
if err := json.Unmarshal(bodyBytes, reviewData); err != nil {
http.Error(rw, fmt.Sprintf("failed to decode request body, error: %v", err), http.StatusBadRequest)
http.Error(rw, html.EscapeString(fmt.Sprintf("failed to decode request body, error: %v", err)), http.StatusBadRequest)
}
defer req.Body.Close()
for _, e := range rth.entries {
@ -91,7 +93,7 @@ func (rth *reviewTokenHandler) ServeHTTP(rw http.ResponseWriter, req *http.Reque
}
}
}
http.Error(rw, fmt.Sprintf("failed to match token: %s, entrylist: %+v", reviewData.Spec.Token, rth.entries), http.StatusUnauthorized)
http.Error(rw, html.EscapeString(fmt.Sprintf("failed to match token: %s, entrylist: %+v", reviewData.Spec.Token, rth.entries)), http.StatusUnauthorized)
}
// NewMockServer creates the mock server for testing