Skip to content

add tcp proxy support #692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 23, 2025
Merged

add tcp proxy support #692

merged 3 commits into from
May 23, 2025

Conversation

LinuxSuRen
Copy link
Owner

We highly recommend you read the contributor's documentation before starting the review process especially since this is your first contribution to this project.

It was updated on 2024/5/27

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

@LinuxSuRen LinuxSuRen requested a review from yuluo-yx as a code owner May 20, 2025 02:28
@LinuxSuRen LinuxSuRen added the enhancement New feature or request label May 20, 2025
@LinuxSuRen LinuxSuRen changed the title add tcp proxy support wip: add tcp proxy support May 20, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented May 20, 2025
edited
Loading

There are 1 test cases, failed count 0:

Name Average Max Min Count Error
11.507424ms 13.25516ms 10.529708ms 3 0

Reported by api-testing.

github-advanced-security[bot]
github-advanced-security bot found potential problems May 20, 2025
View reviewed changes
pkg/mock/in_memory.go
item: &item,
metrics: s.metrics,
mu: sync.Mutex{},
}

Check warning

Code scanning / CodeQL

Reflected cross-site scripting Medium

Cross-site scripting vulnerability due to
user-provided value
Loading
.
Cross-site scripting vulnerability due to user-provided value.

Copilot Autofix

AI 4 months ago

To fix the reflected XSS vulnerability, we need to ensure that any user-controlled data (e.g., mux.Vars(req)) is properly sanitized or escaped before being included in the HTTP response. In Go, the html.EscapeString function can be used to escape special HTML characters, preventing malicious scripts from being executed in the browser.

The fix involves:

  1. Escaping the data variable before writing it to the response in the writeResponse function.
  2. Ensuring that any intermediate processing (e.g., render.RenderAsBytes) does not reintroduce unsanitized user input.
Suggested changeset 1
pkg/mock/in_memory.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/mock/in_memory.go b/pkg/mock/in_memory.go
--- a/pkg/mock/in_memory.go
+++ b/pkg/mock/in_memory.go
@@ -26,2 +26,3 @@
 	"net/http"
+	"html"
 	"strings"
@@ -447,3 +448,4 @@
 	if err == nil {
-		w.Write(data)
+		escapedData := html.EscapeString(string(data))
+		w.Write([]byte(escapedData))
 	} else {
EOF
@@ -26,2 +26,3 @@
"net/http"
"html"
"strings"
@@ -447,3 +448,4 @@
if err == nil {
w.Write(data)
escapedData := html.EscapeString(string(data))
w.Write([]byte(escapedData))
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
@LinuxSuRen LinuxSuRen changed the title wip: add tcp proxy support add tcp proxy support May 20, 2025
@codacy-production Codacy Production
Copy link

codacy-production bot commented May 23, 2025
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
Report missing for 8d3799c1 61.70% (target: 80.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (8d3799c) Report Missing Report Missing Report Missing
Head commit (8c19ab5) 19853 8144 41.02%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#692) 470 290 61.70%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Footnotes

  1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@LinuxSuRen LinuxSuRen merged commit f989857 into master May 23, 2025
21 of 22 checks passed
@LinuxSuRen LinuxSuRen deleted the feat/tcp-mock branch May 23, 2025 13:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuluo-yx yuluo-yx Awaiting requested review from yuluo-yx yuluo-yx is a code owner

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@LinuxSuRen