Merge pull request #16107 from erik-krogh/fix-log-injection-typo

RB: Tiny fixes to log-injection QHelp
github · Apr 3, 2024 · 35f61d9 · 35f61d9
2 parents 2d4cf55 + ec32bdc
commit 35f61d9
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/ruby/ql/src/queries/security/cwe-117/examples/log_injection_good.rb b/ruby/ql/src/queries/security/cwe-117/examples/log_injection_good.rb
@@ -5,9 +5,8 @@ def login
     logger = Logger.new STDOUT
     username = params[:username]
 
-    # GOOD: log message constructed with unsanitized user input
-    sanitized_username = username.gsub("\n", "")
-    logger.info "attempting to login user: " + sanitized_username
+    # GOOD: log message constructed with sanitized user input
+    logger.info "attempting to login user: " + sanitized_username.gsub("\n", "")
 
     # ... login logic ...
   end