我使用新的EventSource类从我的应用程序写入Windows事件日志,到目前为止它非常棒。但是,我观察到有两件事情导致了可能相关的问题:传递给Event属性的格式字符串在写入事件日志之前似乎没有经过正常的string.Format处理。
考虑这个块:
[Event((int)LogEvent.UserCreated, Keywords=Keywords.Directory, Channel=EventChannel.Operational,
Message="Created username {0} with forum post signature {1} and homepage {2}.")]
public void UserCreated(string username, string signature, string homepageAddress)
{
WriteEvent((int)LogEvent.UserCreated, username, signature, homepageAddress);
}
发生了一些事情:
我假设如果ETW存在转义字符,它可以用于将换行符放在格式字符串中,并且还允许我预处理我的字符串值以防止这些sql注入样式错误。
是否存在这样的转义字符?这通常是怎么做的?
答案 0 :(得分:8)
EventSource清单生成器执行的转换是
{0} -> %1
...
{n} -> %(n+1)
& -> &
< -> <
> -> >
' -> '
" -> "
作为参考,转换发生在string EventProviderBase.TranslateToManifestConvention(string)。
然后你最终得到了消息编译器。 Escapes are as follows:
%n[!format_specifier!] Describes an insert. Each insert is an entry in the
Arguments array in the FormatMessage function. The value of n can be a number
between 1 and 99. The format specifier is optional. If no value is specified,
the default is !s!. For information about the format specifier, see wsprintf.
The format specifier can use * for either the precision or the width. When
specified, they consume inserts numbered n+1 and n+2.
%0 Terminates a message text line without a trailing newline character. This can
be used to build a long line or terminate a prompt message without a trailing
newline character.
%. Generates a single period. This can be used to display a period at the
beginning of a line, which would otherwise terminate the message text.
%! Generates a single exclamation point. This can be used to specify an
exclamation point immediately after an insert.
%% Generates a single percent sign.
%n Generates a hard line break when it occurs at the end of a line. This can be
used with FormatMessage to ensure that the message fits a certain width.
%b Generates a space character. This can be used to ensure an appropriate number
of trailing spaces on a line.
%r Generates a hard carriage return without a trailing newline character.