{
    "info": {
        "author": "Darren P Meyer",
        "author_email": "darren@darrenpmeyer.com",
        "bugtrack_url": null,
        "classifiers": [],
        "description": "==========================\nlogging-formatter-anticrlf\n==========================\n--------------------------------------------------------------------------\nPython logging Formatter for CRLF Injection (CWE-93 / CWE-117) prevention\n--------------------------------------------------------------------------\n\nlogging Formatter to sanitize CRLF errors (CWE-93, some forms of CWE-117)\n\nThis class is a drop-in replacement for ``logging.Formatter``, and has the\nexact same construction arguments. However, as a final step of formatting a\nlog line, it escapes carriage returns (\\\\r) and linefeeds (\\\\n).\n\nBy default, these are replaced with their escaped equivalents (see `Examples`_),\nbut the ``replacements`` dictionary can be modified to change this behavior.\n\nThis sanitization should solve CWE-93 errors and CRLF-based versions of\nCWE-117. Some CWE-117 errors are concerns about e.g. XSS flaws in logs that\nare likely to be viewed in a browser; this formatter can't handle every\nform of CWE-117.\n\nInstallation\n============\n\n::\n\n    pip install logging-formatter-anticrlf\n\n\nExamples\n========\n\n::\n\n    import anticrlf\n\n    handler = logging.StreamHandler(sys.stderr)\n    handler.setFormatter(anticrlf.LogFormatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s'))\n\n    logger = logging.getLogger(__name__)\n    logger.addHandler(handler)\n    logger.setLevel(logging.INFO)\n\n    logger.info(\"Example text with a newline\\nhere\")\n\nThis results in::\n\n    2017-02-03 08:43:52,557 - __main__ - INFO - Example text with a newline\\nhere\n\nWhereas with the default ``Formatter``, it would be::\n\n    2017-02-03 08:43:52,557 - __main__ - INFO - Example text with a newline\n    here\n\nIf you wanted newlines to be replaced with \\\\x0A instead, you could::\n\n    formatter = anticrlf.LogFormatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n    formatter.replacements[\"\\n\"] = \"\\\\x0A\"  # Note the double backslash for literal!\n    handler.setFormatter(formatter)\n\n\nChanging Replacements\n=====================\n\nThe ``replacements`` field of the formatter is a ``SubstitutionMap`` object that behaves\nlike a ``dict`` with a few exceptions designed to help developers avoid making insecure mistakes.\n\nSpecifically:\n\n* an \"empty\" ``SubstitutionMap`` object will contain the default mappings for CR and LF chars\n* calling ``del`` on either the CR or LF key will *reset the value* rather than *delete* the key\n* any attempt to create a key-value pair that results in any value containing any of the keys\n  will raise an ``UnsafeSubstitutionError``\n\nThe rationale for the last item is that the keys of the ``replacements`` field are strings\nthat are considered unsafe. Replacing one unsafe string with another defeats the purpose of\nusing this module.\n\nAdditionally, if you assign a regular ``dict`` to the ``replacements`` field, and try to log\nsomething using that configuration, ``anticrlf.LogFormatter`` will reset the ``replacements``\nfield to its default value and issue a ``UserWarning`` to that effect.\n\nThat means the following::\n\n    formatter.replacements[\"\\n\"] = \"\\\\x0A\"  # replace LF chars with '\\x0A'\n    del formatter.replacements[\"\\n\"]        # return to replacing LF with '\\n'\n    formatter.replacements[\"\\t\"] = \"\\\\t\"    # replace tabs with '\\t'\n    formatter.replacements[\"\\n\"] = \"<\\t>\"   # raises UnsafeSubstitutionError\n\nThe last occurs because the value ``<\\t>`` contains ``\\t``, which was previously created as a key.\n\nAnd::\n\n    formatter.replacements = { \"\\n\": \"\\r\" }  # this is a mistake!\n    logger.info(\"example\")\n\nWill result, if that logger is using that formatter, in ``replacements`` being returned to its\nsafe default value and a ``UserWarning`` about that being issued.",
        "description_content_type": "text/x-rst",
        "docs_url": null,
        "download_url": "",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/darrenpmeyer/logging-formatter-anticrlf",
        "keywords": "",
        "license": "BSD 2-clause",
        "maintainer": "",
        "maintainer_email": "",
        "name": "logging-formatter-anticrlf",
        "package_url": "https://pypi.org/project/logging-formatter-anticrlf/",
        "platform": "",
        "project_url": "https://pypi.org/project/logging-formatter-anticrlf/",
        "project_urls": {
            "Homepage": "https://github.com/darrenpmeyer/logging-formatter-anticrlf"
        },
        "release_url": "https://pypi.org/project/logging-formatter-anticrlf/1.2/",
        "requires_dist": null,
        "requires_python": "",
        "summary": "Python logging Formatter for CRLF Injection (CWE-93 / CWE-117) prevention",
        "version": "1.2"
    },
    "last_serial": 4718581,
    "releases": {
        "1.1.post1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "68f4ef53a9c6f31327960045c7a32675",
                    "sha256": "c4895bd2fceb5cb9d31779e5564d6faf58cef2130839615ea161eaa217a7bb86"
                },
                "downloads": -1,
                "filename": "logging-formatter-anticrlf-1.1.post1.tar.gz",
                "has_sig": false,
                "md5_digest": "68f4ef53a9c6f31327960045c7a32675",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 4811,
                "upload_time": "2019-01-19T05:11:45",
                "url": "https://files.pythonhosted.org/packages/3e/e9/6e6d578d84c8e72d93ef5665ee81adac5c30c87ff4a7c05affe9e99af546/logging-formatter-anticrlf-1.1.post1.tar.gz"
            }
        ],
        "1.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "c6f1362699761df5fdd2012545fe84f4",
                    "sha256": "1d5b9b208938d637263d4d40f7841aa84164fd3fa128b633df55602c04fba60b"
                },
                "downloads": -1,
                "filename": "logging-formatter-anticrlf-1.2.tar.gz",
                "has_sig": false,
                "md5_digest": "c6f1362699761df5fdd2012545fe84f4",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 3986,
                "upload_time": "2019-01-20T16:20:51",
                "url": "https://files.pythonhosted.org/packages/4f/6f/91f11782adbf1a0993a315e422416af45d83550f21844c08f79edb46bc10/logging-formatter-anticrlf-1.2.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "c6f1362699761df5fdd2012545fe84f4",
                "sha256": "1d5b9b208938d637263d4d40f7841aa84164fd3fa128b633df55602c04fba60b"
            },
            "downloads": -1,
            "filename": "logging-formatter-anticrlf-1.2.tar.gz",
            "has_sig": false,
            "md5_digest": "c6f1362699761df5fdd2012545fe84f4",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 3986,
            "upload_time": "2019-01-20T16:20:51",
            "url": "https://files.pythonhosted.org/packages/4f/6f/91f11782adbf1a0993a315e422416af45d83550f21844c08f79edb46bc10/logging-formatter-anticrlf-1.2.tar.gz"
        }
    ]
}