Documentation

Overview
Package sanitize provides functions for sanitizing user input before logging.
Log injection (CWE-117) occurs when untrusted data is written to logs without proper neutralization, allowing attackers to forge log entries, corrupt log integrity, or inject malicious content.
Reference: https://cwe.mitre.org/data/definitions/117.html
Example attack vectors:
- Newline injection: "legitimate\nERROR: fake entry" creates fake log lines
- Carriage return injection: overwrites log lines on some terminals
- Control character injection: can corrupt log files or exploit log viewers
Usage:
log.Printf("user=%s action=%s", sanitize.String(username), sanitize.String(action))
slog.Info("request", "session_id", sanitize.String(sessionID))
Constants
This section is empty.
Variables
This section is empty.
Functions

func HasControlChars
HasControlChars returns true if the string contains any Unicode control characters (category Cc), which is broader than just ASCII control chars.
func IsClean
IsClean returns true if the string contains no control characters that would require sanitization.
Example:
if !sanitize.IsClean(sessionID) {
    log.Warn("suspicious session ID detected")
}
func String
String removes or replaces characters that could be used for log injection. This includes newlines, carriage returns, and other ASCII control characters.
Use this function when logging any user-controlled input to prevent CWE-117.
Example:
log.Printf("session=%s", sanitize.String(req.SessionID))
func StringOrTruncate
StringOrTruncate sanitizes a string and truncates it to maxLen if longer. This is useful for logging potentially large user inputs.
Example:
log.Printf("body=%s", sanitize.StringOrTruncate(requestBody, 1000))
func StringReplace
StringReplace is like String but replaces control characters with a replacement string instead of removing them. This preserves the visual indication that something was sanitized.
Example:
log.Printf("input=%s", sanitize.StringReplace(userInput, "?"))
func Strings
Strings sanitizes multiple strings, returning a new slice.
Example:
safe := sanitize.Strings(userID, sessionID, action)
func StripAllControl
StripAllControl removes all Unicode control characters (category Cc), not just ASCII control characters. Use this for stricter sanitization.
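The block below is an added worked example, written for this page and not the sanitize package's own code. It re-implements the behaviour the overview and the function list describe so the newline-injection case can be run end to end: a constructed username carrying an embedded newline forges a second log record, and each function either removes it, marks it, or reports it. The signatures are inferred from the usage lines on this page (an assumption), StringOrTruncate cuts by rune count so a UTF-8 sequence is never split (an assumption), and IsClean is taken to mean "String would leave the input unchanged" while HasControlChars covers the whole Unicode Cc category, matching the distinction the page draws.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// isASCIIControl reports whether r is an ASCII control character (C0 range or DEL).
func isASCIIControl(r rune) bool {
	return r < 0x20 || r == 0x7F
}

// replaceASCIIControl rewrites every ASCII control character as repl; an empty
// repl removes it. Other runes, including non-ASCII text, pass through unchanged.
func replaceASCIIControl(s, repl string) string {
	var b strings.Builder
	b.Grow(len(s))
	for _, r := range s {
		if isASCIIControl(r) {
			b.WriteString(repl)
			continue
		}
		b.WriteRune(r)
	}
	return b.String()
}

// String removes newlines, carriage returns and other ASCII control characters.
func String(s string) string { return replaceASCIIControl(s, "") }

// StringReplace keeps a visible marker where each control character was.
func StringReplace(s, repl string) string { return replaceASCIIControl(s, repl) }

// StringOrTruncate sanitizes first, then cuts to maxLen runes (assumption: rune
// count rather than bytes, so a multi-byte UTF-8 sequence is never split).
func StringOrTruncate(s string, maxLen int) string {
	clean := []rune(String(s))
	if maxLen >= 0 && len(clean) > maxLen {
		clean = clean[:maxLen]
	}
	return string(clean)
}

// Strings sanitizes each argument and returns a new slice, leaving inputs untouched.
func Strings(ss ...string) []string {
	out := make([]string, len(ss))
	for i, s := range ss {
		out[i] = String(s)
	}
	return out
}

// IsClean reports whether String would leave s unchanged (ASCII controls only).
func IsClean(s string) bool {
	return strings.IndexFunc(s, isASCIIControl) < 0
}

// HasControlChars checks the full Unicode Cc category (for example U+0085 NEL),
// which String does not touch but some log viewers still treat as a line break.
func HasControlChars(s string) bool {
	return strings.IndexFunc(s, unicode.IsControl) >= 0
}

// StripAllControl drops every Cc rune, ASCII or not.
func StripAllControl(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1
		}
		return r
	}, s)
}

func main() {
	// Constructed input: a username with an embedded newline followed by text
	// shaped like a second log record (the newline-injection case above).
	username := "alice\nlevel=ERROR msg=\"admin login failed\""

	fmt.Printf("unsanitized: user=%s\n", username)                   // two lines
	fmt.Printf("sanitized:   user=%s\n", String(username))           // one line
	fmt.Printf("marked:      user=%s\n", StringReplace(username, "?")) // one line, "?" where "\n" was
	fmt.Printf("clean=%v hasCc=%v\n", IsClean(username), HasControlChars(username))

	// NEL is not ASCII, so String/IsClean ignore it while the Unicode-aware
	// functions catch it; StripAllControl is the stricter choice for such input.
	nel := "bob\u0085forged"
	fmt.Printf("NEL: clean=%v hasCc=%v stripped=%q\n",
		IsClean(nel), HasControlChars(nel), StripAllControl(nel))
}
```

Pairing IsClean with HasControlChars on the same input is a cheap way to decide whether String is enough for a given source of data: if the second reports true while the first does not, the input carries non-ASCII controls and StripAllControl is the appropriate call.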
Types
This section is empty.