import logging
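logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

# basic usage
logger.info("hello world")

# basic formatting: the format string is a literal and the user data travels
# separately as the mapping argument, so nothing the user typed can become a
# %-directive. This is the correct *call shape* for untrusted data.
context = {
    "user": "bob",
    "msg": "hello everybody",
}
logger.info("user '%(user)s' commented: '%(msg)s'.", context)

# classic log injection: the call shape above is still open to *content*
# injection. %s copies the value verbatim and logging strips no control
# characters, so an embedded "\n" followed by text that mimics basicConfig's
# default "LEVEL:name:" prefix forges a second record attributed to alice.
context = {
    "user": "bob",
    "msg": "hello'.\nINFO:__main__:user 'alice' commented 'I like pineapple pizza",
}
logger.info("user '%(user)s' commented: '%(msg)s'.", context)

# f-string double formatting error: the f-string bakes user input into the
# format string *before* logging applies %-formatting, so "%(foo)s" is now a
# directive. The missing key raises KeyError while the record is rendered; the
# handler prints a "--- Logging error ---" traceback to stderr (default
# logging.raiseExceptions) and the message itself is lost.
context = {
    "user": "bob",
    "msg": (msg := "%(foo)s"),
}
logger.info(f"user '%(user)s' commented: '{msg}'.", context)

# DoS attack: same double-formatting bug, but now the attacker chooses the
# field width. "%(user)999999s" pads "bob" to ~1 MB, and that amplified line is
# written to every handler (file, syslog, network, ...) attached to the logger.
context = {
    "user": "bob",
    "msg": (msg := "%(user)999999s"),  # add more nines at your own risk
}
logger.info(f"user '%(user)s' commented: '{msg}'.", context)

# secret leakage: same bug once more. The mapping passed as the single logging
# argument is the attacker's lookup namespace, so any key in it — here
# "secret" — can be pulled into the line by a directive the attacker wrote.
# Passing a dict with more fields than the message needs widens the blast
# radius even when the format string is otherwise constant.
context = {
    "user": "bob",
    "msg": (msg := "%(secret)s"),
    "secret": "hunter2",
}
logger.info(f"user '%(user)s' commented: '{msg}'.", context)

# mitigation: keep the format string a literal, pass untrusted values only as
# positional arguments (never as part of the string, never inside a dict that
# also carries other data), and render them with %r. Arguments are not
# re-formatted, so a "%" in the value is inert, and repr() escapes "\n" to the
# two characters backslash-n, so an injected line break cannot forge a second
# record. Structured (e.g. JSON) logging achieves the same by construction.
safe_user = "bob"
safe_msg = "hello'.\nINFO:__main__:user 'alice' commented '%(secret)s"
logger.info("user %r commented: %r.", safe_user, safe_msg)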