8000 staticcheck: detect uses of fmt.Sprintf for URL-like values · Issue #730 · dominikh/go-tools · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content 10000
staticcheck: detect uses of fmt.Sprintf for URL-like values #730
New issue
New issue
Open
Open
staticcheck: detect uses of fmt.Sprintf for URL-like values#730
Labels
aggressiveA set of checks that is more prone to false positives but is helpful during code reviewneeds-decisionWe have to decide if this check is feasible and desirablenew-check
Milestone
 
Staticcheck 2022.2
@ainar-g

Description

@ainar-g
ainar-g
opened on Apr 14, 2020

Not sure about the universality on this one, but filing just in case. Also not sure if it's more of a staticcheck or a stylecheck. 

var requrl = fmt.Sprintf("http://%s/api/v1/users/%s/comments?q=%s", host, userUUID, query)

This is probably not the best way to create a URL. While the host part may be considered “acceptable”, the query part just looks like bad code to me. Best case scenario: this leads to occasional errors because of bad URLs. Worst case scenario: data leakage due to undervalidated parameters.

I think that this would be much better with *url.URL, url.Values, and path.Join.

Metadata

Metadata

Assignees

No one assigned

    Labels

    aggressiveA set of checks that is more prone to false positives but is helpful during code reviewneeds-decisionWe have to decide if this check is feasible and desirablenew-check

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0