itsscb/tracing
1
0
Fork 0
mirror of https://github.com/tokio-rs/tracing.git synced 2025-10-02 15:24:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
tracing/tracing-subscriber/tests
History
Carl Lerche 4c52ca5266
fmt: fix ANSI escape sequence injection vulnerability (#3368) 
Fixes a security vulnerability where ANSI escape sequences in user input
could be injected into terminal output, potentially allowing attackers to
manipulate terminal behavior through log messages and error displays.

The vulnerability occurred when user-controlled content was formatted using
Display (`{}`) instead of Debug (`{:?}`) formatting, allowing raw ANSI
sequences to pass through unescaped.

Changes:
- Add streaming ANSI escape wrapper to avoid string allocations
- Escape message content in default and pretty formatters
- Escape error Display content in all error formatting paths
- Add comprehensive integration tests for all formatter types

The fix specifically targets untrusted user input while preserving the
ability for applications to deliberately include formatting in trusted
contexts like thread names.

Security impact: Prevents terminal injection attacks such as title bar
manipulation, screen clearing, and other malicious terminal control
sequences that could be injected through log messages.
2025-08-29 19:08:48 +00:00
..
env_filter
subscriber: increase EnvFilter test coverage (#3262)
2025-06-03 09:47:35 +02:00
layer_filters
chore: fix new Clippy lints in Rust 1.83.0 (#3165)
2024-11-29 16:51:58 +01:00
ansi_escaping.rs
fmt: fix ANSI escape sequence injection vulnerability (#3368)
2025-08-29 19:08:48 +00:00
cached_layer_filters_dont_break_other_layers.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
duplicate_spans.rs
tests: put mocking functionality into a crate (#2009)
2022-03-29 16:20:56 -07:00
event_enabling.rs
core, subscriber: add event_enabled to filter events on fields (#2008)
2022-06-22 15:01:24 -07:00
field_filter.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
filter_log.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
fmt_max_level_hint.rs
subscriber: add feature flags to tests (#1532)
2021-09-02 10:43:34 -07:00
hinted_layer_filters_dont_break_other_layers.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
layer_filter_interests_are_cached.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
multiple_layer_filter_interests_cached.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
option_filter_interest_caching.rs
subscriber: Implement layer::Filter for Option<Filter> (#2407)
2023-10-01 10:46:02 -07:00
option.rs
subscriber: fix None layers setting the max level to OFF (#2321)
2022-09-30 12:12:20 -07:00
registry_max_level_hint.rs
subscriber: add feature flags to tests (#1532)
2021-09-02 10:43:34 -07:00
registry_with_subscriber.rs
subscriber: fix clippy lints (#2191)
2022-06-30 20:12:26 +00:00
reload_max_log_level.rs
subscriber: set log max level when reloading (#1270)
2024-11-22 15:42:14 +01:00
reload.rs
subscriber: fix flaky reload tests (#2798)
2024-11-22 15:42:14 +01:00
same_len_filters.rs
mock: document public APIs in span module (#2442)
2024-11-20 15:57:49 +01:00
unhinted_layer_filters_dont_break_other_layers.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
utils.rs
mock: change helper functions to expect::<thing> (#2377)
2023-10-01 10:46:02 -07:00
vec_subscriber_filter_interests_cached.rs
subscriber: Implement layer::Filter for Option<Filter> (#2407)
2023-10-01 10:46:02 -07:00
vec.rs
subscriber: fix max_level_hint for empty Option/Vec Layer impls (#2195)
2022-07-01 10:08:17 -07:00