hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc6133de5c1ff734a5fa475a5dd6e0af7ed9ff3c
codeql/go/ql/test/query-tests/Security/CWE-089/StringBreakMismatched.go
Chuan-kai Lin aa514fff32 codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00

32 lines
912 B
Go
Raw Blame History

package main
import (
"encoding/json"
sq "github.com/Masterminds/squirrel"
"strings"
)
// Bad because quote characters are removed before concatenation,
// but then enclosed in a different enclosing quote:
func mismatch1(id string, version interface{}) {
versionJSON, _ := json.Marshal(version)
escaped := strings.Replace(string(versionJSON), "\"", "", -1)
sq.StatementBuilder.
Insert("resources").
Columns("resource_id", "version_md5").
Values(id, sq.Expr("'"+escaped+"'")).
Exec()
}
// Bad because quote characters are removed before concatenation,
// but then enclosed in a different enclosing quote:
func mismatch2(id string, version interface{}) {
versionJSON, _ := json.Marshal(version)
escaped := strings.Replace(string(versionJSON), "'", "", -1)
sq.StatementBuilder.
Insert("resources").
Columns("resource_id", "version_md5").
Values(id, sq.Expr("\""+escaped+"\"")).
Exec()
}
Reference in New Issue View Git Blame Copy Permalink