redis.log is not supported by dragonfly lua engine

[mperham]

Sidekiq Enterprise uses Lua to provide a rate limiting API. There are points in this code where it uses redis.log to emit warnings or errors to the logfile, as below. It does not appear that DragonflyDB provides this logger by default as I get a nil warning.

redis.log(redis.LOG_WARNING, "[sidekiq] Reclaiming " .. count .. " expired locks for " .. KEYS[1])
redis.call('hincrby', KEYS[3], "reclaimed", count)

What should I do with this code? "Comment it out" is a valid suggestion, as the logging isn't really necessary.

[romange]

We can provide this function as a noop as a first step. It won't go into v1.14 but we can do it for the next version. I feel uncomfortable letting server users to write directly into server logs as it can be a potential security and reliability risk.

[Qubitium]

If the server user/api callers do not sanitize key/value after user input and before calling redis/dragonfly api, where the logging happens, I think log security concern is very low on the exploit path.

I feel uncomfortable letting server users to write directly into server logs as it can be a potential security and reliability risk.