diff options
| author | Vinay Sajip <vinay_sajip@yahoo.co.uk> | 2022-01-06 22:35:08 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-06 22:35:08 (GMT) |
| commit | 46c7a6566bca2e974a89c90c35ed1c498d9d3b02 (patch) | |
| tree | caf82e8516d79f9edc504531c47917f2423b3b1d /Doc | |
| parent | c9137d4b638c0699b904011cafe68895d28dd80b (diff) | |
| download | cpython-46c7a6566bca2e974a89c90c35ed1c498d9d3b02.zip cpython-46c7a6566bca2e974a89c90c35ed1c498d9d3b02.tar.gz cpython-46c7a6566bca2e974a89c90c35ed1c498d9d3b02.tar.bz2 | |
bpo-46251: Add 'Security Considerations' section to logging configura… (GH-30411)
Diffstat (limited to 'Doc')
| -rw-r--r-- | Doc/library/logging.config.rst | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/Doc/library/logging.config.rst b/Doc/library/logging.config.rst index 5a3e686..a1b8dc7 100644 --- a/Doc/library/logging.config.rst +++ b/Doc/library/logging.config.rst @@ -191,6 +191,20 @@ in :mod:`logging` itself) and defining handlers which are declared either in :func:`listen`. +Security considerations +^^^^^^^^^^^^^^^^^^^^^^^ + +The logging configuration functionality tries to offer convenience, and in part this +is done by offering the ability to convert text in configuration files into Python +objects used in logging configuration - for example, as described in +:ref:`logging-config-dict-userdef`. However, these same mechanisms (importing +callables from user-defined modules and calling them with parameters from the +configuration) could be used to invoke any code you like, and for this reason you +should treat configuration files from untrusted sources with *extreme caution* and +satisfy yourself that nothing bad can happen if you load them, before actually loading +them. + + .. _logging-config-dictschema: Configuration dictionary schema |