-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Library uses json.NewDecoder(body).Decode which might not error on trailing extra data #189
Labels
Comments
mitar
added
status/needs-triage
Issues that need to be triaged.
type/potential-bug
Potential Bugs
labels
Dec 1, 2023
Yeah this seems fairly easy to add. |
I think in general it would be useful to have also two defers:
Just to make sure the body is drained and closed. (Improves connection reuse in Go http stack.) |
This function is intentionally agnostic of what's being used. We can probably however add it to the non-agnostic one. |
james-d-elliott
added a commit
that referenced
this issue
Dec 2, 2023
This fixes an issue where the trailing data in the credential parsing functions would be ignored. This also adds some clarity documentation and cleanup to the ParseCredentialCreationResponse and ParseCredentialRequestResponseBody functions. Fixes #189
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Version
0.9.2
Description
For example, in
ParseCredentialCreationResponseBody
you can see:json.NewDecoder(r).Decode
by itself is meant as a streaming parser and it does not fail on its own if there is trailing data after payload. I use such check in my own code to mitigate that.Reproduction
N/A
Expectations
No response
Documentation
See: golang/go#36225
The text was updated successfully, but these errors were encountered: