Escape rather than remove any printable characters in UAs #10731
|
It seems risky to put quote chars in there. |
|
Hmm, you mean in case someone is reading the log and inserting it into a SQL database or something? |
|
@luke-jr Yep. Or it makes its way to the command line, and someone is lazy and fails to quote. We've seen this movie before :) |
jonasschnelli added the P2P label Jul 3, 2017
luke-jr changed the title from net_processing: Avoid filtering any printable characters from UAs in the log to SanitizeString: Expand upon allowed characters in logging to include "!#%&*+=^{}~" Jul 3, 2017
|
Reduced the subset to avoid quotes and other possibly dangerous characters, and just made it the default (which is only used for logging). |
gmaxwell reviewed Jul 4, 2017
NAK.
! can divert shell processing (past event references), % and & can divert URIs and HTML contexts (by constructing other prohibited characters).
Do we really need to do things like this? Reviewing these sorts of things takes time and effort that could better be spent elsewhere.
|
I can remove |
|
Concept NACK per @gmaxwell. The existing safe chars should be enough to generate any ua comment that might render useful. |
|
@MarcoFalke I'm not talking about a speculative scenario. UAs using And the existing safe chars uses the same limits for both |
|
(Also, the super-nanny approach of not allowing any possible "needs escaping" characters already sailed a long time ago: |
@luke-jr that doesn't sound like a good argument |
I agree, I'd rather not make this change. |
|
! is shell problematic |
|
Closing because it seems this is not something we should do. |
jonasschnelli closed this Jul 13, 2017
|
Please reopen. This is a bug fix for a present issue, for which no alternate solutions have been proposed. We already use/allow "shell-problematic" characters (such as parenthesis and semicolon), and worrying about them in log files is pretty absurd anyway. My bitcoin logs already have |
|
But @luke-jr: you're changing the default charset for the general function |
|
reopening |
jonasschnelli reopened this Jul 13, 2017
luke-jr changed the title from SanitizeString: Expand upon allowed characters in logging to include "!#%&*+=^{}~" to Escape rather than remove any printable characters in UAs Jul 13, 2017
|
Rewrote this to only allow the full set of printable characters in the GUI where it should be harmless, and to escape them in %XX format when printing to the log. |
| strResult.push_back(str[i]); | ||
| + } else if (escape) { | ||
| + strResult += strprintf("%02x", str[i]); |
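Review bot: On the added strprintf("%02x", str[i]) line, str[i] is formatted as hex without a cast. If str is a std::string, str[i] is a plain char, which is signed on many platforms, so a byte of 0x80 or above may be printed as a sign-extended value rather than two digits. Cast through unsigned char before formatting so that every escaped byte is exactly two hex digits.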
ryanofsky Jul 13, 2017 • Contributor
This isn't really escaping, because the output is ambiguous (there is no way to detect escape sequences and recover the original string). Probably would be better to change to something like strprintf("%%%02X", str[i]) or strprintf("\\x%02X", str[i]) to use a more standard url-style or c-style escape format.
Also, if you do url-style or c-style escaping you should make sure the % or \ escape character is itself escaped by tweaking the SAFE_CHARS.find condition or just not including the character in SAFE_CHAR lists.
| strResult.push_back(str[i]); | ||
| + } else if (escape) { | ||
| + strResult += strprintf("%%%02x", str[i]); |
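Review bot: The else if (escape) branch changes what callers can assume about the return value: wherever a disallowed byte appeared, the result now contains '%' followed by hex digits, so it is no longer drawn only from the safe set. Document this on the escape parameter, and add a unit test showing that a literal '%' in the input and an escaped byte can never produce the same output.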
ryanofsky Jul 13, 2017 • Contributor
You will also want to remove the % character from SAFE_CHARS_PRINTABLE so it will be escaped itself, or alternately add a && (!escape || str[i] != '%') clause to the find check above.
ryanofsky Jul 13, 2017 • Contributor
Maybe use %02X instead of %02x since it helps escape sequences stand out a little more, and is the more common way you see percent encoding done.
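The escaping rules from the review comments above (a visible escape marker, the marker itself escaped, two uppercase hex digits per byte), as an added C++ example that is not part of this PR or of Bitcoin Core's code. LOG_SAFE_CHARS, EscapeForLog and UnescapeLog are hypothetical names, the safe set is an assumption, and the decoder exists only to show that the output can be reversed unambiguously.

```cpp
#include <cstddef>
#include <string>

// Assumed log-safe set for this example. '%' is deliberately absent so the
// escape character is always escaped itself.
static const std::string LOG_SAFE_CHARS =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 .,;-_/:?@()";

// Replace every byte outside LOG_SAFE_CHARS with exactly "%XX" (uppercase hex).
std::string EscapeForLog(const std::string& str)
{
    static const char HEX[] = "0123456789ABCDEF";
    std::string out;
    for (const char c : str) {
        if (LOG_SAFE_CHARS.find(c) != std::string::npos) {
            out.push_back(c);
        } else {
            // Go through unsigned char so bytes >= 0x80 are not sign-extended.
            const unsigned char b = static_cast<unsigned char>(c);
            out.push_back('%');
            out.push_back(HEX[b >> 4]);
            out.push_back(HEX[b & 0x0F]);
        }
    }
    return out;
}

static int HexVal(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1; // lowercase is rejected: the encoder only emits uppercase
}

// Inverse of EscapeForLog; returns false on a malformed escape sequence.
bool UnescapeLog(const std::string& in, std::string& out)
{
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out.push_back(in[i]); continue; }
        if (i + 2 >= in.size()) return false; // truncated escape
        const int hi = HexVal(in[i + 1]), lo = HexVal(in[i + 2]);
        if (hi < 0 || lo < 0) return false;
        out.push_back(static_cast<char>(hi * 16 + lo));
        i += 2;
    }
    return true;
}
```

Because '%' is never passed through, a user agent that literally contains "%21" is logged as "%2521" and cannot be confused with an escaped "!".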
|
Can we instead remove exposing of subver entirely? I'm really tired of people "voting" by spinning up sybil attacks, it's just not in any way useful. |
|
@TheBlueMatt Whether we do or don't, it's outside the scope of this PR. |
luke-jr added some commits Jul 3, 2017
|
@ryanofsky (addressed your nits btw) |
laanwj added the Docs and Output label Sep 6, 2017
|
There seems to be no conceptual acknowledgment to do this. Closing for now. |
luke-jr commented Jul 3, 2017 • Edited 1 time
Current Core strips out the !, + and = characters used by the UASF client and Knots to indicate whether BIP148 enforcement is enabled. This expands the allowed characters to all printable ASCII characters for the GUI, and escapes the disallowed-from-log ones in %XX format when printing to the log.