Add lint to detect HTML entities in Subject attributes#907
Merged
christopher-henderson merged 35 commits intozmap:masterfrom Dec 28, 2024
Merged
Add lint to detect HTML entities in Subject attributes#907christopher-henderson merged 35 commits intozmap:masterfrom
christopher-henderson merged 35 commits intozmap:masterfrom
Conversation
Added //nolint:all to comment block to avoid golangci-lint to complain about duplicate words in comment
Fixed import block
Fine to me. Co-authored-by: Christopher Henderson <[email protected]>
As per Chris Henderson's suggestion, to "improve readability".
As per Chris Henderson's suggestion.
Added CABFEV_Sec9_2_8_Date
christopher-henderson
approved these changes
Dec 28, 2024
Member
christopher-henderson
left a comment
christopher-henderson
left a comment
There was a problem hiding this comment.
- Thank you for your patience over the holidays.
- This is a silly thing that some code somewhere has done.
- I was trying to think of something better than a regex, like perhaps HTML decoding the string and seeing if it still matches the original. But that has its own complications too.
- I do not find it likely that people have company names with HTML entities in it, so I agree that this is likely fine.
- Thank you for using the configuration infrastructure!
| { | ||
| input: "html_entity_ok3.pem", | ||
| config: ` | ||
| [e_subj_contains_html_entities] |
There was a problem hiding this comment.
Thank for exercising this.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Due to some strange programming error, sometimes it happens that the value of some Subject attribute ends up containing HTML entities, for example "&" instead of the ampersand character ("&"). This has happened several times, mostly in the past but also recently (see Bugzilla). This lint looks for HTML entities in Subject attributes that might contain them, and raises an error if it finds any.
Since a false positive cannot be completely ruled out (in some jurisdictions it may be allowed to register a company with a name that would trigger this lint), it is possible to bypass this lint through configuration. To do so, pass the path of a TOML file to zlint (via the -config option) with this content: