-
Notifications
You must be signed in to change notification settings - Fork 461
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
logmsg: sanitize sdata keys #1650
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -97,7 +97,7 @@ assert_sdata_value_with_seqnum_equals(LogMessage *msg, guint32 seq_num, const gc | |
GString *result = g_string_sized_new(0); | ||
|
||
log_msg_append_format_sdata(msg, result, seq_num); | ||
cr_assert_str_eq(result->str, expected, "SDATA value does not match"); | ||
cr_assert_str_eq(result->str, expected, "SDATA value does not match, '%s' vs '%s'", expected, result->str); | ||
g_string_free(result, TRUE); | ||
} | ||
|
||
|
@@ -332,6 +332,40 @@ Test(log_message, test_local_logmsg_created_with_the_right_flags_and_timestamps) | |
cr_assert(are_equals, "The timestamps in a LogMessage created by log_msg_new_local() should be equals"); | ||
} | ||
|
||
Test(log_message, test_sdata_sanitize_keys) | ||
{ | ||
LogMessage *msg; | ||
/* These keys looks strange, but JSON object can be parsed to SDATA, | ||
* so the key could contain any character, while the specification | ||
* does not declare any way to encode the the keys, just the values. | ||
* The goal is to have a syntactically valid syslog message. */ | ||
|
||
msg = log_msg_new_empty(); | ||
log_msg_set_value_by_name(msg, ".SDATA.foo.bar[0]", "value[0]", -1); | ||
assert_sdata_value_equals(msg, "[foo bar%5B0%5D=\"value[0\\]\"]"); | ||
log_msg_unref(msg); | ||
|
||
msg = log_msg_new_empty(); | ||
log_msg_set_value_by_name(msg, ".SDATA.foo.bácsi", "bácsi", -1); | ||
assert_sdata_value_equals(msg, "[foo b%C3%A1csi=\"bácsi\"]"); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's a little bit strange to see here that the key is urlencoded, but the value isn't. Why do not we have the same problem with the values? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The RFC 5424 says (on page 7):
We do the escaping in value, and any UTF-8 character is accepted there. |
||
log_msg_unref(msg); | ||
|
||
msg = log_msg_new_empty(); | ||
log_msg_set_value_by_name(msg, ".SDATA.foo.sp ace", "sp ace", -1); | ||
assert_sdata_value_equals(msg, "[foo sp%20ace=\"sp ace\"]"); | ||
log_msg_unref(msg); | ||
|
||
msg = log_msg_new_empty(); | ||
log_msg_set_value_by_name(msg, ".SDATA.foo.eq=al", "eq=al", -1); | ||
assert_sdata_value_equals(msg, "[foo eq%3Dal=\"eq=al\"]"); | ||
log_msg_unref(msg); | ||
|
||
msg = log_msg_new_empty(); | ||
log_msg_set_value_by_name(msg, ".SDATA.foo.quo\"te", "quo\"te", -1); | ||
assert_sdata_value_equals(msg, "[foo quo%22te=\"quo\\\"te\"]"); | ||
log_msg_unref(msg); | ||
} | ||
|
||
Test(log_message, test_sdata_value_is_updated_by_sdata_name_value_pairs) | ||
{ | ||
LogMessage *msg; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a suggestion:
Not sure how much performance penalty is included due to this, but maybe it would worth build a global constant table: ascii->bool which can tell in one step if escape is needed, instead of the 4 comparison above.