18F / tock

We use Tock to track and report our time at 18F
https://18f.gsa.gov/2015/05/21/TockingTime/

api: escape query params when emitting error #1650

Closed cantsin closed 1 year ago

cantsin commented 1 year ago

Description

When the API emits an error, escape all user input (query params).

Additional information

This behavior was flagged in a Netsparker scan, but it's a false warning. Nonetheless, let's fix it anyway in the name of sanitizing output.
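The fix described in this PR, escaping user-controlled query parameters before they are reflected in an API error body, as an added stand-alone illustration that is not Tock's own code. It uses only the Python standard library (Tock is a Django app, but no Django is assumed here); the parameter names in `SAMPLE_QUERY` are constructed, and `error_body_unescaped` shows the pattern a scanner would flag beside the escaped form.

```python
"""Escape user-supplied query parameters before reflecting them in an API error."""
from html import escape
from urllib.parse import parse_qs

# Constructed query string standing in for user input to a reporting endpoint;
# the parameter names (start, end, user) are hypothetical.
SAMPLE_QUERY = "start=2023-01-01&end=<b>not-a-date</b>&user=o'brien"

# Characters that carry meaning in HTML; none should survive raw in output
# that echoes user input. '&' is deliberately omitted because its escaped
# form (&amp;) still contains the character and would defeat a naive check.
MARKUP_CHARS = "<>\"'"


def parse_params(query_string):
    """Parse a raw query string into a flat {key: first value} dict."""
    return {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}


def error_body_unescaped(params):
    """The pattern flagged by the scanner: raw params reflected in the error text."""
    echoed = ", ".join(f"{k}={v}" for k, v in params.items())
    return {"error": f"could not parse query parameters ({echoed})"}


def error_body_escaped(params):
    """Hardened form: every user-controlled key and value is HTML-escaped,
    quotes included, before it is placed in the error message."""
    echoed = ", ".join(
        f"{escape(k, quote=True)}={escape(v, quote=True)}" for k, v in params.items()
    )
    return {"error": f"could not parse query parameters ({echoed})"}


def reflects_raw_markup(body):
    """Unit-test style check: True if any markup-significant character
    from the input survives unescaped in the emitted error text."""
    return any(c in body["error"] for c in MARKUP_CHARS)


if __name__ == "__main__":
    parsed = parse_params(SAMPLE_QUERY)
    print("unescaped:", error_body_unescaped(parsed))
    print("escaped:  ", error_body_escaped(parsed))
```

Escaping both keys and values matters because `parse_qs` keeps whatever the client sent on either side of the `=`; escaping only values would still let a crafted key reach the response unchanged. The `reflects_raw_markup` helper is the kind of assertion worth keeping in the test suite so a later refactor of the error path cannot silently reintroduce the raw reflection.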

codecov-commenter commented 1 year ago

Codecov Report

Merging #1650 (4d7b529) into main (8689c44) will increase coverage by 0.01%. The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1650      +/-   ##
==========================================
+ Coverage   94.16%   94.17%   +0.01%     
==========================================
  Files          66       66              
  Lines        4150     4158       +8     
==========================================
+ Hits         3908     3916       +8     
  Misses        242      242              
