diff options
author | Kim Alvefur <zash@zash.se> | 2022-01-27 21:40:13 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2022-01-27 21:40:13 +0100 |
commit | dccab4e10ff17dbf87aa95a68d49db3adc235b78 (patch) | |
tree | 3313b7da8f0c42b4801f3bc45c88c0a673d20372 /util | |
parent | c551d3d8dd756816b550dadb9e226c2d3ea6f334 (diff) | |
download | prosody-dccab4e10ff17dbf87aa95a68d49db3adc235b78.tar.gz prosody-dccab4e10ff17dbf87aa95a68d49db3adc235b78.zip |
util.format: Expand explanation of purpose in comments
Diffstat (limited to 'util')
-rw-r--r-- | util/format.lua | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/util/format.lua b/util/format.lua index 533f3a82..09369da4 100644 --- a/util/format.lua +++ b/util/format.lua @@ -1,6 +1,9 @@ -- --- A string.format wrapper that gracefully handles invalid arguments +-- A string.format wrapper that gracefully handles invalid arguments since +-- certain format string and argument combinations may casue errors or other +-- issues like log spoofing -- +-- Provides some protection from e.g. CAPEC-135, CWE-117, CWE-134, CWE-93 local tostring = tostring; local unpack = table.unpack or unpack; -- luacheck: ignore 113/unpack @@ -109,6 +112,8 @@ local function format(formatstring, ...) if not valid_utf8(arg) then option = "q"; elseif option ~= "q" then -- gets fully escaped in the next block + -- Prevent funny things with ASCII control characters and ANSI escape codes (CWE-117) + -- Also ensure embedded newlines can't look like another log line (CWE-93) args[i] = arg:gsub("[%z\1-\8\11-\31\127]", control_symbols):gsub("\n\t?", "\n\t"); return spec; end |