mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 09:17:43 +03:00
f146bc814b
* Escape daml-lf tracelog messages Currently veracode complains because this allows for clrf injection (injecting newlines to make user input look like separate log statements). With this change ``` debug "abc" debug "eaiu\neaiu" debug "def" debugRaw "abc ``` is logged as ``` [DA.Internal.Prelude:555]: \"abc\" [DA.Internal.Prelude:555]: \"eaiu\neaiu\" [DA.Internal.Prelude:555]: \"def\" [DA.Internal.Prelude:555]: abc ``` You can debate whether we should escape the quotes are necessary but 90% of the reason why people add them is because they call `debug` on strings when they should be using `debugRaw` so this seems fine to me. changelog_begin changelog_end * fix tests changelog_begin changelog_end |
||
---|---|---|
.. | ||
converter | ||
daml | ||
export | ||
runner | ||
test |