[issue46200] Discourage logging f-strings due to security considerations
Gregory P. Smith
report at bugs.python.org
Fri Feb 18 19:28:52 EST 2022
Gregory P. Smith <greg at krypto.org> added the comment:
A new system of logging APIs has been on several of our (core dev and otherwise) minds ever since f-strings were introduced. For this specific issue, agreed that documentation is key.
The old logging APIs cannot change. And practically preventing passing non-literal constant values in as the first parameter within their implementation while there are theoretical ways to _maybe_ do that, I expect none would be maintainable or performant.
For https://www.python.org/dev/peps/pep-0675/#logging-format-string-injection, my gut feeling is you want logging functions annotated as is a duality using overload.
```
@overload
def info(str) -> None:
...
@overload
def info(msg: LiteralString, *args: object) -> None:
```
As that prevents the untrusted template in msg so you could use a lone f-str.
This larger conversation is better turned into a python-dev or discuss.python.org thread than done in our poor bug tracker as anything more than the doc update and musing around the annotations turns into an evolved logging system design discussion. (a nice thread internally at work just restarted about this and linked here... people want f-logging!)
----------
nosy: +gregory.p.smith
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46200>
_______________________________________
More information about the Python-bugs-list
mailing list