mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-27 10:50:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

bpo-46251: Add 'Security Considerations' section to logging configura… (GH-30411)

Browse source
This commit is contained in:
Vinay Sajip 2022-01-06 22:35:08 +00:00 committed by GitHub
parent c9137d4b63
commit 46c7a6566b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Doc/library/logging.config.rst
View file

@ -191,6 +191,20 @@ in :mod:`logging` itself) and defining handlers which are declared either in
:func:`listen`. :func:`listen`.
Security considerations
^^^^^^^^^^^^^^^^^^^^^^^
The logging configuration functionality tries to offer convenience, and in part this
is done by offering the ability to convert text in configuration files into Python
objects used in logging configuration - for example, as described in
:ref:`logging-config-dict-userdef`. However, these same mechanisms (importing
callables from user-defined modules and calling them with parameters from the
configuration) could be used to invoke any code you like, and for this reason you
should treat configuration files from untrusted sources with *extreme caution* and
satisfy yourself that nothing bad can happen if you load them, before actually loading
them.
.. _logging-config-dictschema: .. _logging-config-dictschema:
Configuration dictionary schema Configuration dictionary schema