Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Issue I. User Input Written to Logs #829
added a commit
Apr 9, 2014
in order to address the issue we have:
@evilaliv3 In the code in the report, the return values are prefixed with
Other than that it looks good.
Checking the new log_remove_escapes code: it calls str() on the argument, and catches Exception, and in that case returns "Failur in log_remove_escapes %s" % e. If the argument is of a class with str, which raises an exception, and the exception has a str producing something dangerous, then this code fails to escape it. If it used %r instead of %s, I'd be happier, because the normal behavior of %s is a non-escaped string, which the normal result with %r is escaped. It's still possible to override that, but not so likely as an accident.
About the disambiguating prefixes, I'd suggest tailoring them to what's common and nice-looking in your system instead of eliminating them, though like @defuse I'm not sure it'll matter.
Alternatively (or, really, in addition), in the failure case I complained about above, you could test the result string for any non-printable ASCII characters, and substitute a last-ditch truly-safe complaint message, if raising an exception is no good. All the other code paths are OK without such a check.