Skip to content
Permalink
Browse files Browse the repository at this point in the history
Log Injection Attack Vulnerability
By logging the unsanitized user input, a log injection attack can
occur. This commit removes user-provided values from the logs.
  • Loading branch information
Philip I. Thomas committed Aug 3, 2015
1 parent e0f7933 commit 9eba6ba
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion resolverapi/endpoints.py
Expand Up @@ -18,7 +18,7 @@ def get(self, rdtype, domain):

rdtype = rdtype.upper()
current_app.logger.info(
'Request from %s - %s %s', request.remote_addr, rdtype, domain)
'Request from %s - %s', request.remote_addr, rdtype)
self.valid_args(rdtype, domain)

# Iterate through nameservers so that we can tell which one gets used.
Expand Down

0 comments on commit 9eba6ba

Please sign in to comment.