From: GitBox
To: notifications@accumulo.apache.org
Subject: [GitHub] ctubbsii commented on a change in pull request #628: Add sec-bugs plugin. Closes #618
Message-ID: <153609843786.25745.7406477671595225692.gitbox@gitbox.apache.org>
Date: Tue, 04 Sep 2018 22:00:37 -0000

ctubbsii commented on a change in pull request #628: Add sec-bugs plugin. Closes #618
URL: https://github.com/apache/accumulo/pull/628#discussion_r215077693

##########
File path: core/src/main/java/org/apache/accumulo/core/client/impl/TableOperationsImpl.java
##########
@@ -1536,6 +1537,14 @@ public void importTable(String tableName, String importDir) } + /** + * Prevent potential CRLF injection into logs from read in user data + * See https://find-sec-bugs.github.io/bugs.htm#CRLF_INJECTION_LOGS + */ + private String sanitize(String msg) { + return msg.replaceAll("[\r\n]","");

Review comment: with my comment above, this is only used once, so could inline this.
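Review bot: sanitize() calls msg.replaceAll(...) with no null check, so a null message throws a NullPointerException on the logging path; return early when msg is null. Replacing the matches with "" also fuses the text on either side of an injected line break, which leaves no trace in the log that anything was stripped; substituting a visible marker such as "_" keeps the entry on one line and still shows the reader that the input contained a line break. The character class [\r\n] covers only CR and LF, so if the log is consumed by tools that treat other characters as line terminators (U+0085, U+2028, U+2029), widen the class to match. In the Javadoc, the first sentence has no terminating period and "read in user data" would read more clearly as "user-supplied data".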