Commit

Fix potentially unsafe quoting
fix
weiihann committed Sep 13, 2024
1 parent f3478de commit 96cce04
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion utils/strings.go
Expand Up @@ -43,7 +43,7 @@ func ToPythonicJSON(input string) (string, error) {
nextChar := runes[i+1]
if nextChar == 'u' && i+5 < len(runes) {
unicodeSeq := string(runes[i : i+6])
r, err := strconv.Unquote(`"` + unicodeSeq + `"`)
r, err := strconv.Unquote("\"" + unicodeSeq + "\"")

Check failure

Code scanning / CodeQL

Potentially unsafe quoting Critical

If this JSON value contains a double quote, it could break out of the enclosing quotes.
if err != nil {
return "", err

Check warning on line 48 in utils/strings.go

Codecov / codecov/patch

utils/strings.go#L48

Added line #L48 was not covered by tests
}
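
Review bot: the new `strconv.Unquote("\"" + unicodeSeq + "\"")` line produces exactly the same string as the backtick form it replaces, so the input reaching `Unquote` is unchanged and the CodeQL finding annotated on this line is not addressed. The only check visible before the call is `nextChar == 'u' && i+5 < len(runes)`, so any of the four runes after the `u` can still be a double quote or another non-hex character when it is concatenated between the quotes. Suggest verifying that `runes[i+2 : i+6]` are all hex digits before building the quoted literal, and returning an error otherwise. The Codecov annotation also shows the `return "", err` branch at line 48 has no test; a case with a malformed `\u` sequence would cover it.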