Structured logging should escape delimiters

wearpants / twiggy

Pythonic logger, shipped in Redhat & Debian

BSD 3-Clause "New" or "Revised" License

47 stars 11 forks source link

Open wearpants opened 11 years ago

wearpants commented 11 years ago

Attackers can usually specially crafted values to hide things from log parsers.

Special characters in log Formats should be escaped (with \ or user-supplied char) when they show up in fields/message.

Imported from Bitbucket.

wearpants commented 11 years ago

This may be done in a branch?