proposal:strconv.ParseBool produces a detailed error message that points to the use of Golang #40232

Closed
sean2Yi opened this issue Jul 15, 2020 · 1 comment

sean2Yi commented Jul 15, 2020

What version of Go are you using (go version)?

$ go version
go version go1.12.5 darwin/amd64

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/sean/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/sean/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/sean/Documents/workspace4/assets/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/2z/g1hqw0lj415_z5dlz9gxpz600000gn/T/go-build331636948=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

result, err := strconv.ParseBool("test")
if err != nil {
	t.Errorf("%v", err)
}

What did you expect to see?

parsing "test": invalid syntax

What did you see instead?

strconv.ParseBool: parsing "test": invalid syntax

strconv.ParseBool produces a detailed error message that points to the use of Golang.
I suggest removing the strconv.ParseBool string from the error message due to the security vulnerability.

@sean2Yi sean2Yi changed the title security:strconv.ParseBool produces a detailed error message that points to the use of Golang proposal:strconv.ParseBool produces a detailed error message that points to the use of Golang Jul 15, 2020
@gopherbot gopherbot added this to the Proposal milestone Jul 15, 2020
ALTree (Member) commented Jul 15, 2020

If you don't want this kind of detail to leak, intercept the error and print your own. But we certainly cannot change every single error the compiler, the runtime and the standard library packages print to make them not leak the fact that the binary was built using Go.

@ALTree ALTree closed this as completed Jul 15, 2020
@golang golang locked and limited conversation to collaborators Jul 15, 2021
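
The "intercept the error and print your own" approach from the reply above, as an added example that is not part of the original issue or the Go project's code: the detailed `strconv` error goes to a server-side log and the caller gets a fixed message. The names `parseBoolParam` and `ErrInvalidBool` are hypothetical, and `errors.As` requires Go 1.13 or later.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"os"
	"strconv"
)

// ErrInvalidBool is the only failure text exposed to a client (hypothetical name).
var ErrInvalidBool = errors.New("invalid boolean value")

// parseBoolParam parses an untrusted value for the server-defined parameter name.
// The full strconv detail is written to logger; the returned error carries
// neither the package/function name nor the raw input.
func parseBoolParam(name, raw string, logger *log.Logger) (bool, error) {
	v, err := strconv.ParseBool(raw)
	if err == nil {
		return v, nil
	}
	// strconv reports failures as *strconv.NumError; its Func field is the
	// source of the "strconv.ParseBool" prefix in err.Error().
	var ne *strconv.NumError
	if errors.As(err, &ne) {
		// %q escapes control characters, so hostile input cannot forge log lines.
		logger.Printf("param=%s func=strconv.%s input=%q cause=%v",
			name, ne.Func, ne.Num, ne.Err)
	} else {
		logger.Printf("param=%s err=%v", name, err)
	}
	return false, fmt.Errorf("parameter %q: %w", name, ErrInvalidBool)
}

func main() {
	logger := log.New(os.Stderr, "internal: ", log.LstdFlags)
	// "test" is the constructed invalid input used in the issue.
	if _, err := parseBoolParam("debug", "test", logger); err != nil {
		fmt.Println("client sees:", err)
	}
}
```
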