From: Hal Brodigan <redmine@...>
Date: 2010-09-24T04:36:02+09:00
Subject: [ruby-core:32529] [Ruby 1.9-Bug#3869][Open] Logger#log does not handle or escape new-line characters.

Bug #3869: Logger#log does not handle or escape new-line characters.
http://redmine.ruby-lang.org/issues/show/3869

Author: Hal Brodigan
Status: Open, Priority: Normal
ruby -v: ruby 1.9.2p0 (2010-08-18 revision 29036) [x86_64-linux]

The Logger#log method does not escape or handle new-line characters properly. By not logging each line of the log message, or escaping the new-line characters, one could forge false log messages.

    >> logger = Logger.new(STDOUT)
    >> logger.log Logger::INFO, "hello\nworld"
    I, [2010-09-23T12:28:09.612508 #6122]  INFO -- : hello
    world
     => true
    >> logger.log Logger::INFO, "Fault detected!\nI, [2010-09-23T12:28:09.612508 #6122]  INFO -- : Fault was false-positive, ignoring ..."
    I, [2010-09-23T12:32:57.757877 #6122]  INFO -- : Fault detected!
    I, [2010-09-23T12:28:09.612508 #6122]  INFO -- : Fault was false-positive, ignoring ...
     => true


----------------------------------------
http://redmine.ruby-lang.org