
Commit bf11c4b

committed
gosec fixes
1 parent 3baf7bd commit bf11c4b


4 files changed

+11
-51
lines changed


.github/workflows/go.yml

Lines changed: 0 additions & 28 deletions
This file was deleted.

.github/workflows/golangci-lint.yml

Lines changed: 0 additions & 18 deletions
This file was deleted.

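--- a/backend/injections/blind/boolean-based.go
+++ b/backend/injections/blind/boolean-based.go
@@ -4,8 +4,9 @@ import (
 "GoInjection/backend/helper"
 "GoInjection/backend/query"
 "GoInjection/backend/structs"
+"crypto/rand"
 "fmt"
-"math/rand"
+"math/big"
 "strings"
 )
 
@@ -58,8 +59,11 @@ func BooleanBasedInjection(url string) (bool, string) {
 payloadStr := payload.([]interface{})[0].(string)
 //expectedBool := payload.([]interface{})[1].(bool)
 
-payload = strings.ReplaceAll(payloadStr, "§", fmt.Sprintf("%08d", rand.Int63n(1e8)))
-payload = strings.ReplaceAll(payloadStr, "$", fmt.Sprintf("%08d", rand.Int63n(1e8)))
+randomNum, _ := rand.Int(rand.Reader, big.NewInt(1e8))
+payload := strings.ReplaceAll(payloadStr, "§", fmt.Sprintf("%08d", randomNum))
+
+randomNum, _ = rand.Int(rand.Reader, big.NewInt(1e8))
+payload = strings.ReplaceAll(payload, "$", fmt.Sprintf("%08d", randomNum))
 
 payloads, status := q.Build(payloadStr)
 if status != "Success" {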
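Review bot: The error returned by `rand.Int(rand.Reader, big.NewInt(1e8))` is discarded on both new lines (`randomNum, _ :=` and `randomNum, _ =`), so a failing entropy source leaves `randomNum` nil and `fmt.Sprintf("%08d", randomNum)` then formats a nil `*big.Int` (printed as `<nil>`) into the payload instead of an 8-digit marker; the same pattern appears in the union.go hunk of this commit. Since `BooleanBasedInjection` returns `(bool, string)`, the call should check the error, e.g. `randomNum, err := rand.Int(rand.Reader, big.NewInt(1e8))` followed by `if err != nil { return false, err.Error() }`. Note also that the substituted text is now a new string `payload` declared with `:=`, while `q.Build` on the next context line still receives the unsubstituted `payloadStr`; presumably `payload` is read further down, but it is worth confirming the markers reach the built query. The function body continues outside the hunk.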

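--- a/backend/injections/union.go
+++ b/backend/injections/union.go
@@ -5,9 +5,10 @@ import (
 helper2 "GoInjection/backend/injections/helper"
 "GoInjection/backend/query"
 "GoInjection/backend/structs"
+"crypto/rand"
 "encoding/hex"
 "fmt"
-"math/rand"
+"math/big"
 "strings"
 )
 
@@ -36,7 +37,8 @@ func UnionInjection(url string) (bool, string) {
 if payloads, ok := unionPayloads[structs.TargetSyntax]; ok {
 for _, payload := range payloads {
 
-var identifierString = fmt.Sprintf("%08d", rand.Int63n(1e8))
+randomNum, _ := rand.Int(rand.Reader, big.NewInt(1e8))
+var identifierString = strings.ReplaceAll(payload, "$", fmt.Sprintf("%08d", randomNum))
 var identifierBytes = hex.EncodeToString([]byte(identifierString))
 
 editor := query.Editor{}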
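Review bot: `identifierString` no longer holds an 8-digit identifier but the whole `payload` with every `$` replaced, so `hex.EncodeToString([]byte(identifierString))` on the following line now encodes the entire payload; that is a behaviour change beyond the crypto/rand swap the commit title describes and deserves a comment or a rename, e.g. `// payload with its $ placeholders replaced by one random 8-digit marker`. If a payload contains no `$`, the string is the unmodified payload and carries no random marker at all, which may or may not be intended for how `identifierBytes` is used further down. The loop body continues outside the hunk.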
