prevent log forging, fix #1

Author: bobbui

CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).  
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## 1.0.1 - 2019-07-20
+ - prevent log forging, fix #1
+
 ## 1.0.0 - 2019-07-20
 Breaking change:
  - add more specific init method for each framework

json_logging/__init__.py

@@ -233,6 +233,10 @@ def format(self, record):
         return JSON_SERIALIZER(json_log_object)
 
 
+def _sanitize_log_msg(record):
+    return record.getMessage().replace('\n', '_').replace('\r', '_').replace('\t', '_')
+
+
 class JSONLogFormatter(logging.Formatter):
     """
     Formatter for non-web application log
@@ -266,9 +270,8 @@ def format(self, record):
                            "level": record.levelname,
                            "line_no": record.lineno,
                            "module": record.module,
-                           "msg": record.getMessage(),
+                           "msg": _sanitize_log_msg(record),
                            }
-
         if hasattr(record, 'props'):
             json_log_object.update(record.props)
 
@@ -312,7 +315,7 @@ def format(self, record):
                            "module": record.module,
                            "line_no": record.lineno,
                            "correlation_id": _request_util.get_correlation_id(),
-                           "msg": record.getMessage()
+                           "msg": _sanitize_log_msg(record)
                            }
 
         if hasattr(record, 'props'):

setup.py

@@ -12,7 +12,7 @@
 
 setup(
     name="json-logging",
-    version='1.0.0',
+    version='1.0.1',
     packages=find_packages(exclude=['contrib', 'docs', 'tests*', 'example', 'dist', 'build']),
     license='Apache License 2.0',
     description="JSON Python Logging",