staticcheck: detect uses of fmt.Sprintf for URL-like values · Issue #730 · dominikh/go-tools · GitHub

staticcheck: detect uses of fmt.Sprintf for URL-like values #730

Open
ainar-g opened this issue Apr 14, 2020 · 1 comment
Labels
aggressive A set of checks that is more prone to false positives but is helpful during code review needs-decision We have to decide if this check is feasible and desirable new-check

Comments

ainar-g (Contributor) commented Apr 14, 2020

Not sure about the universality on this one, but filing just in case. Also not sure if it's more of a staticcheck or a stylecheck.

var requrl = fmt.Sprintf("http://%s/api/v1/users/%s/comments?q=%s", host, userUUID, query)

This is probably not the best way to create a URL. While the host part may be considered “acceptable”, the query part just looks like bad code to me. Best case scenario: this leads to occasional errors because of bad URLs. Worst case scenario: data leakage due to undervalidated parameters.

I think that this would be much better with *url.URL, url.Values, and path.Join.

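To make the difference concrete, here is an added example (not code from the go-tools project or from the issue author) that builds the URL from the issue three ways: with fmt.Sprintf as quoted above, with *url.URL plus url.Values plus path.Join as suggested, and with each untrusted path segment escaped individually. The host api.example.com and the sample values are constructed; a user ID of ../admin and a query of x&admin=true are chosen to show how each builder behaves on hostile input.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
)

// buildSprintf is the pattern the issue flags: every value is interpolated
// verbatim, so "&" in the query adds a parameter and "/" or ".." in the ID
// changes the path.
func buildSprintf(host, userUUID, query string) string {
	return fmt.Sprintf("http://%s/api/v1/users/%s/comments?q=%s", host, userUUID, query)
}

// buildPathJoin follows the issue's suggestion. url.Values escapes the query,
// which closes the parameter-injection hole, but path.Join cleans ".."
// segments, so a traversal-shaped ID is resolved on the client and the request
// silently goes to a different endpoint.
func buildPathJoin(host, userUUID, query string) string {
	q := url.Values{}
	q.Set("q", query)
	u := url.URL{
		Scheme:   "http",
		Host:     host,
		Path:     path.Join("/api/v1/users", userUUID, "comments"),
		RawQuery: q.Encode(),
	}
	return u.String()
}

// buildEscaped escapes the untrusted segment with url.PathEscape, so "/" and
// ".." inside the value stay inside that one segment. Path holds the decoded
// form and RawPath the encoded form; url.URL.String uses RawPath when it is a
// valid encoding of Path.
func buildEscaped(host, userUUID, query string) string {
	q := url.Values{}
	q.Set("q", query)
	u := url.URL{
		Scheme:   "http",
		Host:     host,
		Path:     "/api/v1/users/" + userUUID + "/comments",
		RawPath:  "/api/v1/users/" + url.PathEscape(userUUID) + "/comments",
		RawQuery: q.Encode(),
	}
	return u.String()
}

func main() {
	// Constructed hostile inputs: a path-traversal ID and a query that tries to
	// smuggle an extra parameter.
	host, id, query := "api.example.com", "../admin", "x&admin=true"
	fmt.Println("sprintf:  ", buildSprintf(host, id, query))
	fmt.Println("pathjoin: ", buildPathJoin(host, id, query))
	fmt.Println("escaped:  ", buildEscaped(host, id, query))
}
```

With these inputs the Sprintf form emits the query as ?q=x&admin=true, that is, a second parameter the caller never intended, while both url.Values forms emit ?q=x%26admin%3Dtrue. For the path, path.Join collapses /api/v1/users/../admin/comments to /api/v1/admin/comments, so the URL that leaves the process already points at the wrong resource; per-segment escaping yields /api/v1/users/..%2Fadmin/comments, which the server sees as a single (invalid) user ID. Escaping is a floor, not a substitute for validating the ID against the format it is supposed to have before it reaches the URL builder.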
@ainar-g ainar-g added the needs-triage Newly filed issue that needs triage label Apr 14, 2020
@dominikh dominikh added needs-decision We have to decide if this check is feasible and desirable new-check and removed needs-triage Newly filed issue that needs triage labels May 10, 2020
@dominikh dominikh added the aggressive A set of checks that is more prone to false positives but is helpful during code review label Oct 17, 2021
@dominikh dominikh added this to the Staticcheck 2022.2 milestone Jan 12, 2022