sneak/upaas
1
0
Fork 0
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

feat: sanitize container log output beyond Content-Type

Browse Source 
Add SanitizeLogs() that strips ANSI escape sequences and non-printable
control characters (preserving newlines, carriage returns, and tabs)
from all container and deployment log output paths:

- HandleAppLogs (text/plain response)
- HandleDeploymentLogsAPI (JSON response)
- HandleContainerLogsAPI (JSON response)

Container log output is attacker-controlled data. Content-Type alone
is insufficient — the data itself must be sanitized before serving.

Includes comprehensive test coverage for the sanitization function.
This commit is contained in:
user
2026-02-19 20:36:13 -08:00
parent dcff249fe5
commit 0bb59bf9c2
3 changed files with 117 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/handlers/app.go
View File

@@ -499,7 +499,7 @@ func (h *Handlers) HandleAppLogs() http.HandlerFunc {
return
}
_, _ = writer.Write([]byte(logs)) // #nosec G705 -- Content-Type is text/plain, no XSS risk
_, _ = writer.Write([]byte(SanitizeLogs(logs))) // #nosec G705 -- logs sanitized, Content-Type is text/plain
}
}
@@ -534,7 +534,7 @@ func (h *Handlers) HandleDeploymentLogsAPI() http.HandlerFunc {
logs := ""
if deployment.Logs.Valid {
logs = deployment.Logs.String
logs = SanitizeLogs(deployment.Logs.String)
}
response := map[string]any{
@@ -661,7 +661,7 @@ func (h *Handlers) HandleContainerLogsAPI() http.HandlerFunc {
}
response := map[string]any{
"logs": logs,
"logs": SanitizeLogs(logs),
"status": status,
}