accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3681) Avoid string format injection problems
Date Tue, 07 Apr 2015 20:33:12 GMT


ASF GitHub Bot commented on ACCUMULO-3681:

Github user asfgit closed the pull request at:

> Avoid string format injection problems
> --------------------------------------
>                 Key: ACCUMULO-3681
>                 URL:
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: build
>            Reporter: Christopher Tubbs
>            Assignee: Ed Coleman
>             Fix For: 1.7.0
> In log4j, we could write {{log.debug(e,e);}}, where {{e}} was an {{Exception}} type,
whenever we didn't have a more specific message to put in. Log4j would convert the first parameter
to a {{String}}.
> With the migration to slf4j, this no longer works. Instead, slf4j requires the first
parameter to be a format string. So, in many places, we've converted these to something like
> However, the key point here is that it's not just _any_ string, it's specifically a *format*
string. So, this will be problematic if {{e.toString()}} actually contains format instructions
like {{The input "\{\}" is not a valid table name}}.
> To avoid these kinds of problems, we should take care to replace these with a better
> # {{log.debug("Some explicit message", e);}} (preferred)
> # {{log.debug("", e);}}
> # {{log.debug("{}", e.getMessage(), e);}}
> # {{log.debug("{}", e.toString(), e);}}
> # {{log.debug("{}", e, e);}}

This message was sent by Atlassian JIRA

View raw message