Log: strip logged user input for cleaner logs #896

Open
wants to merge 1 commit into
base: main

kickster97
Member

@kickster97 kickster97 commented Dec 19, 2024

WHAT is this pull request doing?

It strips the protocol string of newlines, so we get cleaner logs if users send in bad input.

EX:

Dec 19 06:07:33Z lmq.amqp.connection_factory: "Unexpected protocol '# 003
Dec 19 06:07:33Z *%�
Dec 19 06:07:33Z ', closing socket

HOW can this pull request be tested?

Send in a header with a bad protocol, with newlines, and see that the log is not divided.

@kickster97 kickster97 requested a review from a team as a code owner December 19, 2024 11:53
@kickster97
Member Author

This should probably be done in all places where we log user input, but I'll put it up like this so we can discuss.

@kickster97 kickster97 changed the title improve logging Log: strip logged user input for cleaner logs Dec 19, 2024
Comment on lines +50 to +53
log.warn {
bad_protocol = String.new(proto.to_slice).gsub(/\n/, "\\n")
"Unexpected protocol '#{bad_protocol}', closing socket"
}
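
Review bot: the `gsub(/\n/, "\\n")` on the `bad_protocol` line escapes only line feeds, so a carriage return, a NUL byte or a terminal escape sequence in the client-supplied bytes still reaches the log verbatim and can split or visually rewrite the entry. Because this value comes straight from an unauthenticated peer, escape every non-printable character rather than one, and keep the value clearly delimited in the message so a reader can tell where the untrusted part starts and ends.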
Member

@carlhoerberg carlhoerberg Dec 24, 2024

Only stringify the number of bytes we read, the rest will always be garbage. Then use String#inspect to render \n as "\n", but also all other non-renderable characters, like \t, \0 etc.

Suggested change
log.warn {
bad_protocol = String.new(proto.to_slice).gsub(/\n/, "\\n")
"Unexpected protocol '#{bad_protocol}', closing socket"
}
log.warn { "Unexpected protocol #{String.new(proto.to_unsafe, count).inspect}, closing socket" }
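
Review bot: `String.new(proto.to_unsafe, count)` in the suggested line goes through a raw pointer, so nothing checks `count` against the size of `proto`, and the definition of `count` is not visible in this hunk. Unless it is guaranteed to be no larger than the buffer, slice first so an out-of-range value raises instead of copying adjacent memory into the log, for example `String.new(proto.to_slice[0, count]).inspect`.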
