fix: base64 encode gzipped data

tiagoinaba · tiagoinaba · commit 94223bc41702 · 2024-12-30T17:41:53.000-03:00
`string(gzippedData)` does not guarantee a UTF-8 sanitized string,
which may lead to corrupted data.
diff --git a/gothic/gothic.go b/gothic/gothic.go
@@ -330,7 +330,7 @@ func GetFromSession(key string, req *http.Request) (string, error) {
 	session, _ := Store.Get(req, SessionName)
 	value, err := getSessionValue(session, key)
 	if err != nil {
-		return "", errors.New("could not find a matching session for this request")
+		return "", err
 	}
 
 	return value, nil
@@ -343,7 +343,8 @@ func getSessionValue(session *sessions.Session, key string) (string, error) {
 	}
 
 	rdata := strings.NewReader(value.(string))
-	r, err := gzip.NewReader(rdata)
+	b64Reader := base64.NewDecoder(base64.StdEncoding, rdata)
+	r, err := gzip.NewReader(b64Reader)
 	if err != nil {
 		return "", err
 	}
@@ -368,6 +369,6 @@ func updateSessionValue(session *sessions.Session, key, value string) error {
 		return err
 	}
 
-	session.Values[key] = b.String()
+	session.Values[key] = base64.StdEncoding.EncodeToString(b.Bytes())
 	return nil
 }
diff --git a/gothic/gothic_test.go b/gothic/gothic_test.go
@@ -3,6 +3,7 @@ package gothic_test
 import (
 	"bytes"
 	"compress/gzip"
+	"encoding/base64"
 	"fmt"
 	"html"
 	"io/ioutil"
@@ -274,12 +275,13 @@ func gzipString(value string) string {
 		return "err"
 	}
 
-	return b.String()
+	return base64.StdEncoding.EncodeToString(b.Bytes())
 }
 
 func ungzipString(value string) string {
 	rdata := strings.NewReader(value)
-	r, err := gzip.NewReader(rdata)
+	b64Reader := base64.NewDecoder(base64.StdEncoding, rdata)
+	r, err := gzip.NewReader(b64Reader)
 	if err != nil {
 		return "err"
 	}

Original file line number	Diff line number	Diff line change
`@@ -330,7 +330,7 @@ func GetFromSession(key string, req *http.Request) (string, error) {`
`330`	`330`	`session, _ := Store.Get(req, SessionName)`
`331`	`331`	`value, err := getSessionValue(session, key)`
`332`	`332`	`if err != nil {`
`333`		`- return "", errors.New("could not find a matching session for this request")`
	`333`	`+ return "", err`
`334`	`334`	`}`
`335`	`335`
`336`	`336`	`return value, nil`
`@@ -343,7 +343,8 @@ func getSessionValue(session *sessions.Session, key string) (string, error) {`
`343`	`343`	`}`
`344`	`344`
`345`	`345`	`rdata := strings.NewReader(value.(string))`
`346`		`- r, err := gzip.NewReader(rdata)`
	`346`	`+ b64Reader := base64.NewDecoder(base64.StdEncoding, rdata)`
	`347`	`+ r, err := gzip.NewReader(b64Reader)`
`347`	`348`	`if err != nil {`
`348`	`349`	`return "", err`
`349`	`350`	`}`
`@@ -368,6 +369,6 @@ func updateSessionValue(session *sessions.Session, key, value string) error {`
`368`	`369`	`return err`
`369`	`370`	`}`
`370`	`371`
`371`		`- session.Values[key] = b.String()`
	`372`	`+ session.Values[key] = base64.StdEncoding.EncodeToString(b.Bytes())`
`372`	`373`	`return nil`
`373`	`374`	`}`