Log Injection.go autotests might be wrong


I suspect that the Log Injection.go autotest TestLogInjectionPOSTCredentialWithDangerousControlCharactersReturnHttp400() is incorrect. Specifically, I suspect it’s variable reuse.

I reproduced the test locally and it works. Could you please take a look?

Tests look ok.

Your whitelisting approach is good :muscle: . One of those characters that you have whitelisted, is not suitable for logs (hint: it can be used for “fake” entries to panic SOC teams)

1 Like