digital-asset/daml
1
1
Fork 0
mirror of https://github.com/digital-asset/daml.git synced 2024-09-20 09:17:43 +03:00
Code Issues Projects Releases Wiki Activity
f146bc814b
daml/daml-script
History
Moritz Kiefer f146bc814b
Escape daml-lf tracelog messages (#12116) 
* Escape daml-lf tracelog messages

Currently veracode complains because this allows for clrf
injection (injecting newlines to make user input look like separate
log statements).

With this change
```
debug "abc"
debug "eaiu\neaiu"
debug "def"
debugRaw "abc
```

is logged as

```
[DA.Internal.Prelude:555]: \"abc\"
[DA.Internal.Prelude:555]: \"eaiu\neaiu\"
[DA.Internal.Prelude:555]: \"def\"
[DA.Internal.Prelude:555]: abc
```

You can debate whether we should escape the quotes are necessary but
90% of the reason why people add them is because they call `debug` on
strings when they should be using `debugRaw` so this seems fine to me.

changelog_begin
changelog_end

* fix tests

changelog_begin
changelog_end
2021-12-14 11:20:33 +01:00
..
converter Drop 2.12 versioned_scala_deps (#11748) 2021-11-17 22:13:08 +00:00
daml Support multiple participant in daml script’s user management (#12091) 2021-12-10 15:08:28 +01:00
export Limit supported input versions in damlc to >= LF 1.8 (#11905) 2021-11-30 17:24:08 +01:00
runner Support multiple participant in daml script’s user management (#12091) 2021-12-10 15:08:28 +01:00
test Escape daml-lf tracelog messages (#12116) 2021-12-14 11:20:33 +01:00