commit | c895de6bc01eaad322e1a44afddcf51c8c92ca5a | |
---|---|---|
author | Jonathan Amsterdam <jba@google.com> | Mon Apr 04 08:39:21 2022 -0400 |
committer | Jonathan Amsterdam <jba@google.com> | Thu Apr 07 03:17:30 2022 +0000 |
tree | 1bd4ce697622b07e043239840ec763e29e27ac98 | |
parent | 8ce55dc4b49118dfe848dda62f316a312ad5213b | |

internal/frontend: return 400 on bad vuln ID

The path "/vuln/%25sid" returned a 500 because the last component is converted to "%sid" which is then parsed again by the vuln DB client. That is parsed again, and that fails because %s isn't a valid URL escape.

Fix by validating the form of the vuln ID before passing it to the vuln DB client.

Change-Id: Ifcbfbb80c2af541687953e6207bf07a93295d626
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/397914
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: kokoro <noreply+kokoro@google.com>
Reviewed-by: Jamal Carvalho <jamal@golang.org>

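
The double-decoding failure and the validate-first fix described in the commit message, as an added Go example that is not pkgsite's own code. The `fetchEntry` stand-in, the `vulndb.example` host, the ID pattern and the sample ID `GO-2022-0001` are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"strings"
)

// Assumed ID shape (GO-YYYY-NNNN); the page does not give the exact pattern.
var vulnIDRE = regexp.MustCompile(`^GO-\d{4}-\d{4,}$`)

// fetchEntry is a hypothetical stand-in for the vuln DB client: it builds a
// URL from the ID and parses it, which interprets percent-escapes again.
func fetchEntry(id string) error {
	_, err := url.Parse("https://vulndb.example/ID/" + id + ".json")
	return err
}

// vulnHandler serves /vuln/<id>; validate=true checks the ID form first.
func vulnHandler(validate bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// r.URL.Path is already decoded once: "/vuln/%25sid" -> "/vuln/%sid".
		id := strings.TrimPrefix(r.URL.Path, "/vuln/")
		if validate && !vulnIDRE.MatchString(id) {
			http.Error(w, "invalid vulnerability ID", http.StatusBadRequest)
			return
		}
		if err := fetchEntry(id); err != nil {
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		fmt.Fprintln(w, "ok")
	})
}

// status sends a GET for target to h and returns the response code.
func status(h http.Handler, target string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	for _, p := range []string{"/vuln/%25sid", "/vuln/GO-2022-0001"} {
		fmt.Println(p, status(vulnHandler(false), p), status(vulnHandler(true), p))
	}
}
```

Rejecting the malformed ID at the handler turns a client error that surfaced as a server fault into a 400, and keeps attacker-controlled escape sequences from reaching a second URL parser.
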
Pkg.go.dev is a website for discovering and evaluating Go packages and modules.
You can check it out at https://pkg.go.dev.
Pkgsite requires Go 1.18 to run. The last commit that works with older versions of Go is 4d836c6a652cde92f433967680dfd6171a91ec12.
If you want to report a bug or have a feature suggestion, please first check the known issues to see if your issue is already being discussed. If an issue does not already exist, feel free to file an issue.
For answers to frequently asked questions, see pkg.go.dev/about.
You can also chat with us on the #pkgsite Slack channel on the Gophers Slack.
We would love your help!
Our canonical Git repository is located at go.googlesource.com/pkgsite. There is a mirror of the repository at github.com/golang/pkgsite.
To contribute, please read our contributing guide.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.