如何在Logback中避免CRLF(回车和换行) - CWE 117

时间:2015-01-15 17:22:28

标签: security logback carriage-return linefeed log-forging

我正在使用Logback,我需要在记录用户参数时避免使用CRLF(回车和换行)。
我试图在静态地图PatternLayout.defaultConverterMap上添加我的类,它扩展了ClassicConverter,但它没有用。

谢谢,

2 个答案:

答案 0 :(得分:1)

您应该按照logback documentation

中的说明创建自定义布局

自定义布局:

package com.foo.bar;

import ch.qos.logback.classic.PatternLayout;
import ch.qos.logback.classic.spi.ILoggingEvent;

public class RemoveCRLFLayout extends PatternLayout {

    @Override
    public String doLayout(ILoggingEvent event) {
        return super.doLayout(event).replaceAll("(\\r|\\n)", "");
    }

}

Logback配置:

<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
    <layout class="com.foo.bar.RemoveCRLFLayout">
        <pattern>%d %t %-5p %logger{16} - %m%n</pattern>
    </layout>
</encoder>

答案 1 :(得分:0)

def train_step(self, data): with tf.GradientTape() as tape: # exp_data, label_data = data z_mean, z_log_var, z, zc = self.encoder(data) #form_data = np.concatenate(data) reconstruction = self.decoder(zc) data_cat = layers.concatenate([data[0][0],data[0][1]], axis=1) reconstruction_loss = tf.reduce_mean( tf.reduce_sum( keras.losses.mean_squared_error(data_cat, reconstruction) ) ) kl_loss = -0.5 * (1 + z_log_var - tf.square(z_mean) - tf.exp(z_log_var)) kl_loss = tf.reduce_mean(tf.reduce_sum(kl_loss, axis=1)) total_loss = reconstruction_loss + kl_loss grads = tape.gradient(total_loss, self.trainable_weights) self.optimizer.apply_gradients(zip(grads, self.trainable_weights)) self.total_loss_tracker.update_state(total_loss) self.reconstruction_loss_tracker.update_state(reconstruction_loss) self.kl_loss_tracker.update_state(kl_loss) return { "loss": self.total_loss_tracker.result(), "reconstruction_loss": self.reconstruction_loss_tracker.result(), "kl_loss": self.kl_loss_tracker.result(), } ;

ch.qos.logback.core.CoreConstants

public static final String LINE_SEPARATOR = System.getProperty("line.separator"); 

ch.qos.logback.classic.pattern.LineSeparatorConverter

public String convert(ILoggingEvent event) { return CoreConstants.LINE_SEPARATOR; } 

package ch.qos.logback.classic.PatternLayout

因此确保固定行结束的正确方法是属性 defaultConverterMap.put("n", LineSeparatorConverter.class.getName());

line.separator 的实现相同:

java.lang.System.lineSeparator()
相关问题
最新问题