Closed vmercierfr closed 7 months ago
Package | Line Rate | Health |
---|---|---|
github.com/qonto/prometheus-rds-exporter/internal/app/cloudwatch | 88% | ✔ |
github.com/qonto/prometheus-rds-exporter/internal/app/ec2 | 88% | ✔ |
github.com/qonto/prometheus-rds-exporter/internal/app/exporter | 80% | ✔ |
github.com/qonto/prometheus-rds-exporter/internal/app/rds | 80% | ➖ |
github.com/qonto/prometheus-rds-exporter/internal/app/servicequotas | 51% | ❌ |
github.com/qonto/prometheus-rds-exporter/internal/app/unit | 100% | ✔ |
Summary | 81% (939 / 1157) | ✔ |
Minimum allowed line rate is 60%
Objective
Ignore false positive alert for homepage
Why
Semgrep is reporting the `go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter` alert.
We fixed it in https://github.com/qonto/prometheus-rds-exporter/pull/112, but the alert is still reported.
Homepage HTML content is escaped by `html/template` during initialisation.
An alternative might be to use `template.Execute()` in the HTTP handler, but it will be calculated for each call, which doesn't make sense for this home page.
How
Release plan
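The pattern discussed in this pull request, as an added example that is not code from the PR or from the exporter: the homepage is rendered once through `html/template`, the escaped bytes are cached, and the handler writes them directly. The template text, field names, listen address and the use of an inline `nosemgrep` comment to suppress the finding are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"html/template"
	"log"
	"net/http"
)

// Constructed template and fields, not the exporter's real homepage.
const homepageTmpl = `<html><head><title>{{.Title}}</title></head>
<body><h1>{{.Title}}</h1><p>Version: {{.Version}}</p>
<a href="{{.MetricsPath}}">Metrics</a></body></html>`

type homepageData struct{ Title, Version, MetricsPath string }

// renderHomepage executes html/template once, so every field is
// contextually escaped before the bytes are cached.
func renderHomepage(d homepageData) ([]byte, error) {
	t, err := template.New("home").Parse(homepageTmpl)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, d); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// newHomepageHandler serves the cached page. The only bytes written are the
// template output, which is why the finding is suppressed on that one line.
func newHomepageHandler(page []byte) http.HandlerFunc {
	return func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		// nosemgrep: go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
		_, _ = w.Write(page)
	}
}

func main() {
	page, err := renderHomepage(homepageData{Title: "RDS exporter", Version: "example", MetricsPath: "/metrics"})
	if err != nil {
		log.Fatal(err)
	}
	http.Handle("/", newHomepageHandler(page))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The suppression is only sound while nothing request-derived reaches the cached bytes; any per-request value has to go back through `template.Execute()` in the handler.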