A minor bug in our CFG means that we evaluate the base of a SliceExpr before the bounds. Since the bounds may have side effects, as in this case, it would be better to evaluate them first. But in the short term I am just adjusting the test to make it work.
package test
import (
"log"
"net/http"
"runtime"
)
// Feature flags consulted by handlePanic before it writes a stack dump to the
// client. Each one has the bool zero value (false) unless something else sets
// it; note that handlePanic tests disableStackTrace negated, so its zero value
// is the permissive one.
var (
	debug             bool
	development       bool
	trace             bool
	enableStackTrace  bool
	disableStackTrace bool
	printStackTrace   bool
)

// logger receives the server-side copy of the stack trace.
var logger log.Logger
// handlePanic is a fixture exercising the stack-trace-exposure check: it
// captures a stack dump of every goroutine and then writes that dump back to
// the HTTP client in several places, some unconditionally (marked BAD) and
// some behind a flag whose name suggests an opt-in debug mode (marked GOOD).
// A stack dump reveals source file paths, function names and goroutine state
// to a remote caller, which is why the unguarded writes are the ones to flag.
//
// Every w.Write call below discards its (n, err) result; the fixture is about
// where the bytes go, not about write failures. r is unused.
func handlePanic(w http.ResponseWriter, r *http.Request) {
	// 2<<16 bytes (128 KiB) of scratch space. runtime.Stack writes as much of
	// the dump as fits and reports how many bytes it used, so the slice is
	// trimmed to that length before it is sent anywhere.
	buf := make([]byte, 2<<16)
	// all=true: stack traces of every goroutine, not only the calling one.
	stackLen := runtime.Stack(buf, true)
	buf = buf[:stackLen]
	// BAD: printing a stack trace back to the response
	// (this is also the first Write on w, which per the ResponseWriter
	// contract commits a 200 status before the dump goes out).
	w.Write(buf)
	// GOOD: logging the response to the server and sending
	// a more generic message.
	// %s renders the []byte as text in the server log; the client only
	// receives the fixed string.
	logger.Printf("Panic: %s", buf)
	w.Write([]byte("An unexpected runtime error occurred"))
	// GOOD: guarding remote stack dumps with tests that suggest an opt-in debug mode:
	// each guard is a separate package-level bool so the check is exercised
	// once per flag name.
	if debug {
		w.Write(buf)
	}
	if development {
		w.Write(buf)
	}
	if trace {
		w.Write(buf)
	}
	if enableStackTrace {
		w.Write(buf)
	}
	// This guard is negated: with the package-level zero value (false) the
	// dump IS written, so it is only "opt-in" if something sets
	// disableStackTrace to true first.
	if !disableStackTrace {
		w.Write(buf) // Note our analysis doesn't actually check this branch goes the right way
	}
	if printStackTrace {
		w.Write(buf)
	}
}