undefined | Better HN

0 pointsthrashh4y ago0 comments

Isn’t log input being untrusted input an opinion?

Because in an alternative universe, they could have chosen to treat log messages like SQL where parameters are passed separately.

Obviously some people must believe that logs should be trusted input, otherwise we wouldn’t be in this situation.

That said I consider both logs and error exceptions as untrusted input, but purely on practicality.

0 comments

1 comments · 1 top-level

> Because in an alternative universe, they could have chosen to treat log messages like SQL where parameters are passed separately.

They did chose to do this. The vulnerability arises even when this is done correctly.

Pseudocode:

    log("example: %s", userInput)

This is still vulnerable. The parsing that exposes the vulnerability occurs on both the format string and userInput here.

j / k navigate · click thread line to collapse