Ver Fonte

security: GHSA-xx6g-43w2-9g6g (MODERATE) Email argument makes compliance harder, enables log injection

jamesread há 3 meses atrás
pai
commit
bc5e9fbe1e
1 ficheiros alterados com 1 adições e 4 exclusões
  1. 1 4
      service/internal/executor/arguments.go

+ 1 - 4
service/internal/executor/arguments.go

@@ -250,13 +250,10 @@ func typecheckChoiceEntity(value string, arg *config.ActionArgument) error {
 
 func typeSafetyCheckEmail(value string) error {
 	_, err := mail.ParseAddress(value)
-
-	log.Errorf("Email check: %v, %v", err, value)
-
 	if err != nil {
+		log.WithField("type", "email").Debugf("Email argument type check failed")
 		return err
 	}
-
 	return nil
 }