31 lines
933 B
Go
31 lines
933 B
Go
package handlers
|
|
|
|
import (
|
|
"regexp"
|
|
"strings"
|
|
)
|
|
|
|
// ansiEscapePattern matches ANSI escape sequences (CSI, OSC, and single-character escapes).
|
|
var ansiEscapePattern = regexp.MustCompile(`(\x1b\[[0-9;]*[a-zA-Z]|\x1b\][^\x07]*\x07|\x1b[^[\]])`)
|
|
|
|
// SanitizeLogs strips ANSI escape sequences and non-printable control characters
|
|
// from container log output. Newlines (\n), carriage returns (\r), and tabs (\t)
|
|
// are preserved. This ensures that attacker-controlled container output cannot
|
|
// inject terminal escape sequences or other dangerous control characters.
|
|
func SanitizeLogs(input string) string {
|
|
// Strip ANSI escape sequences
|
|
result := ansiEscapePattern.ReplaceAllString(input, "")
|
|
|
|
// Strip remaining non-printable characters (keep \n, \r, \t)
|
|
var b strings.Builder
|
|
b.Grow(len(result))
|
|
|
|
for _, r := range result {
|
|
if r == '\n' || r == '\r' || r == '\t' || r >= ' ' {
|
|
b.WriteRune(r)
|
|
}
|
|
}
|
|
|
|
return b.String()
|
|
}
|