feat: add warning for routes registered without a sanitizer function #93
Suhaibinator merged 1 commit into main from
Conversation
Pull Request Overview
This PR adds a security warning feature that alerts developers when routes are registered without sanitizer functions. This helps identify potential security vulnerabilities where user input may not be properly sanitized before processing.
- Adds warning logging when routes are registered without sanitizer functions
- Imports the go.uber.org/zap logging library to support structured logging
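The registration-time warning the PR adds can be reproduced in a few dozen lines. The block below is an added illustration, not code from this repository: the Router, Route and HTTPMethod types are hypothetical stand-ins for whatever the project defines, and it uses the standard library's log/slog (Go 1.21+) instead of go.uber.org/zap so it runs without a dependency. It shows the warning being emitted for a route with a nil sanitizer, the method slice pre-converted outside the logging call as the review suggests, a nil-logger fallback so registration cannot panic, and an accessor that lets a startup check or test fail on unsanitized routes instead of relying on someone reading the log.

```go
package main

import (
	"fmt"
	"log/slog"
	"net/http"
	"os"
)

// HTTPMethod stands in for the typed method value the PR converts with string(method).
type HTTPMethod string

// Route is a hypothetical registration record carrying the two fields the PR logs
// (Path, Methods) plus the handler and the optional sanitizer the warning is about.
type Route struct {
	Path      string
	Methods   []HTTPMethod
	Handler   http.HandlerFunc
	Sanitizer func(*http.Request) error // nil means the handler receives raw input
}

// Router registers routes and remembers which ones were registered unsanitized.
type Router struct {
	logger      *slog.Logger
	mux         *http.ServeMux
	unsanitized []string
}

// NewRouter falls back to the default logger so a nil logger cannot turn the
// registration-time warning into a nil-pointer panic.
func NewRouter(logger *slog.Logger) *Router {
	if logger == nil {
		logger = slog.Default()
	}
	return &Router{logger: logger, mux: http.NewServeMux()}
}

// methodNames converts the typed methods once, outside the logging call,
// which is the change the review comment on the PR asks for.
func methodNames(ms []HTTPMethod) []string {
	out := make([]string, len(ms))
	for i, m := range ms {
		out[i] = string(m)
	}
	return out
}

// Register installs the route and warns when no sanitizer was supplied.
// The route is still served, so the warning is advisory; UnsanitizedRoutes
// is what makes it enforceable.
func (r *Router) Register(route Route) {
	if route.Sanitizer == nil {
		r.logger.Warn("Route registered without sanitizer function",
			"path", route.Path,
			"methods", methodNames(route.Methods))
		r.unsanitized = append(r.unsanitized, route.Path)
	}
	r.mux.HandleFunc(route.Path, func(w http.ResponseWriter, req *http.Request) {
		// The sanitizer runs before the handler; a rejected request never reaches it.
		if route.Sanitizer != nil {
			if err := route.Sanitizer(req); err != nil {
				http.Error(w, "bad request", http.StatusBadRequest)
				return
			}
		}
		route.Handler(w, req)
	})
}

// UnsanitizedRoutes returns a copy of the paths registered without a sanitizer,
// so a startup check or a test can fail instead of depending on a log line.
func (r *Router) UnsanitizedRoutes() []string {
	return append([]string(nil), r.unsanitized...)
}

// ServeHTTP makes Router usable as an http.Handler.
func (r *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	r.mux.ServeHTTP(w, req)
}

// RejectControlChars is a sample sanitizer: it refuses query values carrying
// control characters, the kind of input that would corrupt downstream log lines.
func RejectControlChars(req *http.Request) error {
	for key, vals := range req.URL.Query() {
		for _, v := range vals {
			for _, c := range v {
				if c < 0x20 || c == 0x7f {
					return fmt.Errorf("query parameter %q contains a control character", key)
				}
			}
		}
	}
	return nil
}

func main() {
	r := NewRouter(slog.New(slog.NewTextHandler(os.Stderr, nil)))
	ok := func(w http.ResponseWriter, req *http.Request) { fmt.Fprintln(w, "ok") }
	r.Register(Route{Path: "/health", Methods: []HTTPMethod{"GET"}, Handler: ok})
	r.Register(Route{Path: "/search", Methods: []HTTPMethod{"GET"}, Handler: ok, Sanitizer: RejectControlChars})
	fmt.Println("unsanitized routes:", r.UnsanitizedRoutes())
}
```

Running it prints one WARN line for /health and none for /search, and `unsanitized routes: [/health]`. Keeping the list of unsanitized paths alongside the log line is the design point: a warning in a log is easy to miss at deploy time, whereas a test that asserts the list is empty (or contains only an allow-listed set) turns the same information into a gate.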
    r.logger.Warn("Route registered without sanitizer function",
        zap.String("path", route.Path),
        zap.Strings("methods", func() []string {
            methods := make([]string, len(route.Methods))
            for i, method := range route.Methods {
                methods[i] = string(method)
            }
            return methods
        }()),
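Review bot: r.logger is dereferenced here without a nil check, so if a router can be constructed with a nil logger (the constructor is not in the visible lines), the first route registered without a sanitizer would panic instead of warn; either default the logger in the constructor or guard the call. It is also worth stating in the message or the docs that the warning is advisory: the route is still registered and served, so an operator who does not read the registration log gets no protection from it.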
The anonymous function creates a new slice on every route registration. Consider pre-converting the methods slice outside the zap.Strings call to avoid unnecessary allocations during logging.
    r.logger.Warn("Route registered without sanitizer function",
        zap.String("path", route.Path),
        zap.Strings("methods", func() []string {
            methods := make([]string, len(route.Methods))
            for i, method := range route.Methods {
                methods[i] = string(method)
            }
            return methods
        }()),

    // Pre-convert route.Methods to a string slice
    methods := make([]string, len(route.Methods))
    for i, method := range route.Methods {
        methods[i] = string(method)
    }
    r.logger.Warn("Route registered without sanitizer function",
        zap.String("path", route.Path),
        zap.Strings("methods", methods),
        zap.String("path", route.Path),
        zap.Strings("methods", func() []string {
            methods := make([]string, len(route.Methods))
            for i, method := range route.Methods {
[nitpick] The inline anonymous function with loop logic makes the logging call harder to read. Extract this conversion logic to a separate helper function or perform the conversion before the logging statement.
Codecov Report: All modified and coverable lines are covered by tests ✅

Additional details and impacted files

    @@ Coverage Diff @@
    ## main #93 +/- ##
    ==========================================
    + Coverage 97.17% 97.18% +0.01%
    ==========================================
    Files 18 18
    Lines 2370 2379 +9
    ==========================================
    + Hits 2303 2312 +9
    Misses 55 55
    Partials 12 12
No description provided.