couchdb-dev mailing list archives

From Jan Lehnardt <...@apache.org>
Subject Re: git commit: Allow POST to _log.
Date Sun, 30 Oct 2011 19:14:22 GMT

On Oct 30, 2011, at 19:49 , Noah Slater wrote:

> Doesn't this allow malicious user agents to craft spoofed log entries for
> CouchDB? You could make it look like something very serious was happening,
> causing the CouchDB admin to take measures that harm the server or the data
> it contains. If we're going to do this at all (and I am not sure I see a
> valid use case here) then the message should be prefixed with a big fat
> notice that it's user generated.

Good thinking, do you want to move the discussion to https://issues.apache.org/jira/browse/COUCHDB-464
so we don't have two places to look later?

I'll reply with my idea about it :)

Cheers
Jan
-- 

> 
> On Sun, Oct 30, 2011 at 4:39 PM, <jan@apache.org> wrote:
> 
>> Updated Branches:
>> refs/heads/master f94530da9 -> 6cffccdfe
>> 
>> 
>> Allow POST to _log.
>> 
>> POST /_log {"level":"info|debug|error", "message":"your message here"}
>> 
>> Patch by Robert Newson.
>> 
>> Closes COUCHDB-464
>> 
>> 
>> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
>> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6cffccdf
>> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6cffccdf
>> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6cffccdf
>> 
>> Branch: refs/heads/master
>> Commit: 6cffccdfe08e6d859cc7e83be3bcc521bf68fd5a
>> Parents: f94530d
>> Author: Jan Lehnardt <jan@apache.org>
>> Authored: Sun Oct 30 17:38:18 2011 +0100
>> Committer: Jan Lehnardt <jan@apache.org>
>> Committed: Sun Oct 30 17:38:18 2011 +0100
>> 
>> ----------------------------------------------------------------------
>> src/couchdb/couch_httpd_misc_handlers.erl |   21 ++++++++++++++++++---
>> 1 files changed, 18 insertions(+), 3 deletions(-)
>> ----------------------------------------------------------------------
>> 
>> 
>> 
>> http://git-wip-us.apache.org/repos/asf/couchdb/blob/6cffccdf/src/couchdb/couch_httpd_misc_handlers.erl
>> ----------------------------------------------------------------------
>> diff --git a/src/couchdb/couch_httpd_misc_handlers.erl
>> b/src/couchdb/couch_httpd_misc_handlers.erl
>> index 8abf0aa..ae6ffe3 100644
>> --- a/src/couchdb/couch_httpd_misc_handlers.erl
>> +++ b/src/couchdb/couch_httpd_misc_handlers.erl
>> @@ -254,7 +254,22 @@ handle_log_req(#httpd{method='GET'}=Req) ->
>>    ]),
>>    send_chunk(Resp, Chunk),
>>    last_chunk(Resp);
>> +handle_log_req(#httpd{method='POST'}=Req) ->
>> +    {PostBody} = couch_httpd:json_body_obj(Req),
>> +    Level = couch_util:get_value(<<"level">>, PostBody),
>> +    Message = ?b2l(couch_util:get_value(<<"message">>, PostBody)),
>> +    case Level of
>> +    <<"debug">> ->
>> +        ?LOG_DEBUG(Message, []),
>> +        send_json(Req, 200, {[{ok, true}]});
>> +    <<"info">> ->
>> +        ?LOG_INFO(Message, []),
>> +        send_json(Req, 200, {[{ok, true}]});
>> +    <<"error">> ->
>> +        ?LOG_ERROR(Message, []),
>> +        send_json(Req, 200, {[{ok, true}]});
>> +    _ ->
>> +        send_json(Req, 400, {[{error, ?l2b(io_lib:format("Unrecognized
>> log level '~s'", [Level]))}]})
>> +    end;
>> handle_log_req(Req) ->
>> -    send_method_not_allowed(Req, "GET").
>> -
>> -
>> +    send_method_not_allowed(Req, "GET,POST").
>> 
>> 
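Review bot: In the new `handle_log_req(#httpd{method='POST'}=Req)` clause, `Message` is taken from the request body and passed in the format-string position of `?LOG_DEBUG(Message, [])`, `?LOG_INFO(Message, [])` and `?LOG_ERROR(Message, [])` with an empty argument list, so any `~` sequence in a client-supplied message is treated as a format directive rather than as literal text. Pass it as data instead, for example `?LOG_INFO("~s", [Message])`, and put a fixed marker in that format string so the entry is visibly user generated, which also covers the spoofing concern raised in this thread. Two checks are also missing from the clause: nothing in it verifies that the caller is a server admin before the entry is written, and a body without a `message` field (or with a non-string value) reaches `?b2l(...)` unvalidated instead of producing a 400 like the unrecognized-level branch does. Line breaks inside `Message` should be rejected or escaped so that one request cannot produce what looks like several separate log entries.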

