v1.0.3

devwithkrishna-app-token-generator released this 16 Apr 14:58
· 2 commits to main since this release
a50e4e8

Pull Request Title: Potential fix for code scanning alert no. 3: Log Injection

Pull Request URL: PR Link

Opened By: githubofkrishnadhas

Merged: True

Description: Potential fix for https://github.com/devwithkrishna/example-python-application/security/code-scanning/3

To fix the log injection issue, we need to sanitize the user-provided values before logging them. Specifically, we should remove any newline characters from the item.color and item.username values to prevent log injection attacks. This can be done using the replace method to replace \r\n and \n with empty strings.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Created At: 2025-04-12T19:26:51Z

Closed & Merged At: 2025-04-16T14:57:22Z

Assignees: githubofkrishnadhas

Total Commits: 1

What's Changed

Full Changelog: v1.0.2...v1.0.3
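
The fix described above, as an added example that is not the project's own code: it logs a constructed item.color value carrying a forged record, first unsanitized, then with the replace-based fix from the description. The Item class, function names and log format are assumptions; strip_line_breaks is a broader variant, also an assumption, covering a lone \r, which the \r\n and \n replacement leaves in place and which str.splitlines() and some log viewers treat as a line break.

```python
import io
import logging
from dataclasses import dataclass


@dataclass
class Item:  # hypothetical stand-in for the application's request model
    username: str
    color: str


def strip_newlines(value: str) -> str:
    """The fix as the description states it: drop \\r\\n and \\n."""
    return value.replace("\r\n", "").replace("\n", "")


def strip_line_breaks(value: str) -> str:
    """Broader variant (assumption): also drops a lone \\r and the other
    separators that str.splitlines() treats as line boundaries."""
    return "".join(value.splitlines())


def log_item(item: Item, clean=None) -> str:
    """Log one item to an in-memory handler and return the raw log text."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.Logger("log-injection-demo")  # standalone logger
    logger.addHandler(handler)
    clean = clean or (lambda v: v)  # no sanitizer: log values as received
    logger.info("user=%s color=%s", clean(item.username), clean(item.color))
    return buf.getvalue()


# Constructed inputs: a color value carrying a forged second log record.
FORGED = Item(username="alice", color="red\nINFO user=admin color=blue")
LONE_CR = Item(username="alice", color="red\rINFO user=admin color=blue")

if __name__ == "__main__":
    for label, item, clean in [
        ("unsanitized", FORGED, None),
        ("replace \\r\\n and \\n", FORGED, strip_newlines),
        ("replace, lone \\r input", LONE_CR, strip_newlines),
        ("splitlines join, lone \\r input", LONE_CR, strip_line_breaks),
    ]:
        out = log_item(item, clean)
        print(f"{label}: {len(out.splitlines())} log line(s) -> {out!r}")
```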