Compare commits

...

5 Commits

Author SHA1 Message Date
cyal1
e581e04ce5
Merge b7dd5120ef35e1ed60c497d770495aa3054e6ab1 into ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36 2025-11-23 12:14:00 +08:00
Bo-Yi Wu
ecb3f7b5e2
chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449)
- Update golang.org/x/crypto dependency to version 0.45.0

1. https://avd.aquasec.com/nvd/cve-2025-47914
2. https://avd.aquasec.com/nvd/cve-2025-58181

Signed-off-by: appleboy <appleboy.tw@gmail.com>
2025-11-23 11:46:13 +08:00
cyal1
b7dd5120ef
add open redirect test case
https://github.com/gin-gonic/gin/pull/3907
2024-04-01 14:52:28 +08:00
cyal1
29db90e1fc
fixed open redirect 2024-04-01 14:50:18 +08:00
cyal1
6c8ec4deda
fixed open redirect 2024-03-28 23:05:09 +08:00
4 changed files with 10 additions and 4 deletions

1
gin.go
View File

@ -782,6 +782,7 @@ func redirectTrailingSlash(c *Context) {
p = prefix + "/" + req.URL.Path
}
req.URL.Path = p + "/"
p = regexp.MustCompile("^/{2,}").ReplaceAllString(p, "/")
if length := len(p); length > 1 && p[length-1] == '/' {
req.URL.Path = p[:length-1]
}

2
go.mod
View File

@ -35,7 +35,7 @@ require (
github.com/quic-go/qpack v0.5.1 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
golang.org/x/arch v0.20.0 // indirect
golang.org/x/crypto v0.44.0 // indirect
golang.org/x/crypto v0.45.0 // indirect
golang.org/x/sys v0.38.0 // indirect
golang.org/x/text v0.31.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect

4
go.sum
View File

@ -74,8 +74,8 @@ go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU=
golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc=
golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

View File

@ -150,8 +150,13 @@ func TestRouteRedirectTrailingSlash(t *testing.T) {
router.GET("/path2/", func(c *Context) {})
router.POST("/path3", func(c *Context) {})
router.PUT("/path4/", func(c *Context) {})
router.GET("/:param1/:param2", func(c *Context) {})
w := PerformRequest(router, http.MethodGet, "/path/")
w := PerformRequest(router, http.MethodGet, "//path/")
assert.Equal(t, "/path", w.Header().Get("Location"))
assert.Equal(t, http.StatusMovedPermanently, w.Code)
w = PerformRequest(router, http.MethodGet, "/path/")
assert.Equal(t, "/path", w.Header().Get("Location"))
assert.Equal(t, http.StatusMovedPermanently, w.Code)