sdk/python/File System/PyLogging

PyLogging

The logging module. Most uses are neutral. Log-injection findings arise when user-controlled data is logged without sanitization — attackers can break log line boundaries with \n or forge subsequent log entries.

4 sinks

Taint flow0 sources → 4 sinks

Sinks — dangerous call

.info()Writes an info log

.error()Writes an error log

.warning()Writes a warning log

.debug()Writes a debug log

Sinks

— dangerous functions taint must not reach

.info()Sink

Signature

logging.info(msg, *args, **kwargs) -> None

Writes an info log. Log-injection sink when msg is tainted and contains newlines.

tracks:0

.error()Sink

Signature

logging.error(msg, *args, **kwargs) -> None

Writes an error log. Log-injection sink.

tracks:0

.warning()Sink

Signature

logging.warning(msg, *args, **kwargs) -> None

Writes a warning log. Log-injection sink.

tracks:0

.debug()Sink

Signature

logging.debug(msg, *args, **kwargs) -> None

Writes a debug log. Log-injection sink.

tracks:0

Fully-Qualified Names

FQN	Field
logging	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

rule.py

from codepathfinder.go_rule import PyLogging

← PreviousPyGlob

Next →PyMimetypes