diff options
| author | Wladimir J. van der Laan <laanwj@protonmail.com> | 2019-10-16 16:04:16 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@protonmail.com> | 2019-10-16 16:04:27 +0200 |
| commit | c34b88620dc8435b83e6744895f2ecd3c9ec8de7 (patch) | |
| tree | 367583dd9b4d903342c0ab551880eb44fca6a086 /src/test | |
| parent | 5a3dd93594551efdc4059126b061b8c751ec3f29 (diff) | |
| parent | d7820a1250070f3640246ae497e049bee0b3516f (diff) | |
Merge #17095: util: Filter control characters out of log messages
d7820a1250070f3640246ae497e049bee0b3516f util: Filter control characters out of log messages (Wladimir J. van der Laan)
Pull request description:
Belts and suspenders: make sure outgoing log messages don't contain potentially suspicious characters, such as terminal control codes.
This escapes control characters except newline ('\n') in C syntax. It escapes instead of removes them to still allow for troubleshooting issues where they accidentally end up in strings (it is a debug log, after all).
(more checks could be added such as UTF-8 validity and unicode code-point range checking—this is substantially more involved and would need to keep track of state between characters and even `LogPrint` calls as they could end up split up—but escape codes seem to be the most common attack vector for terminals.)
ACKs for top commit:
practicalswift:
ACK d7820a1250070f3640246ae497e049bee0b3516f - tested and works as expected :)
Tree-SHA512: 0806265addebdcec1062a6def3e903555e62ba5e93967ce9ee6943d16462a222b3f41135a5bff0a76966ae9e7ed75f211d7785bceda788ae0b0654bf3fd891bf
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/util_tests.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp index 31a66b6fa9..3995a3c732 100644 --- a/src/test/util_tests.cpp +++ b/src/test/util_tests.cpp @@ -26,6 +26,11 @@ #include <boost/test/unit_test.hpp> +/* defined in logging.cpp */ +namespace BCLog { + std::string LogEscapeMessage(const std::string& str); +} + BOOST_FIXTURE_TEST_SUITE(util_tests, BasicTestingSetup) BOOST_AUTO_TEST_CASE(util_criticalsection) @@ -1696,4 +1701,17 @@ BOOST_AUTO_TEST_CASE(test_spanparsing) BOOST_CHECK_EQUAL(SpanToStr(results[3]), ""); } +BOOST_AUTO_TEST_CASE(test_LogEscapeMessage) +{ + // ASCII and UTF-8 must pass through unaltered. + BOOST_CHECK_EQUAL(BCLog::LogEscapeMessage("Valid log message貓"), "Valid log message貓"); + // Newlines must pass through unaltered. + BOOST_CHECK_EQUAL(BCLog::LogEscapeMessage("Message\n with newlines\n"), "Message\n with newlines\n"); + // Other control characters are escaped in C syntax. + BOOST_CHECK_EQUAL(BCLog::LogEscapeMessage("\x01\x7f Corrupted log message\x0d"), R"(\x01\x7f Corrupted log message\x0d)"); + // Embedded NULL characters are escaped too. + const std::string NUL("O\x00O", 3); + BOOST_CHECK_EQUAL(BCLog::LogEscapeMessage(NUL), R"(O\x00O)"); +} + BOOST_AUTO_TEST_SUITE_END() |