Dan Budris
Dan Budris
since we're re-purposing code from troubleshoot.sh to implement a similar UI, we need to make sure to supply an attribution in `analyzer_output_ui.go`. An example of an attribution can be found...
Digging into this, I ran through the net/http tests in the std lib with the goland debugger, and was able to see that the query parsing in `net/url` was treating...
we can see in https://url.spec.whatwg.org/#urlencoded-parsing that now only supported separator is `&`
ok, cut a new PR (⬆️ ) which uses the original patch for https://github.com/advisories/GHSA-m3hq-grv6-h853, but first patches https://github.com/golang/go/commit/e6dda19888180c5159460486d30c0412e4980748 so that we're not treating semicolons as acceptable path separators in URL...
hm, the unit test associate with this change is failing ``` --- FAIL: TestReverseProxyQueryParameterSmugglingDirectorParsesForm (0.00s) reverseproxy_test.go:1589: proxy forwarded raw query "a=1&a=2;b=3" as "a=1&a=2&b=3", want "a=1" FAIL FAIL net/http/httputil 0.817s ```
fixed in https://github.com/aws/eks-distro-build-tooling/pull/563
/lgtm
given we're deprecating EKS-D 1.20, the last remaning major project using Go 1.15, we're going to close this PR.
/test builder-base-tooling-presubmit