ztzg commented on pull request #1519: URL: https://github.com/apache/zookeeper/pull/1519#issuecomment-725554240
PR summary updated as it will end up in the commit message. The previous one was:

> This is a first iteration of a set of mitigations for the issue reported in ZOOKEEPER-3979,
> "Clients can corrupt the audit log."
>
> As far as I can tell, the first commit (allow disabling "digest") is sufficient for plugging the hole.
>
> The second commit is just a small cleanup.
>
> The functionality provided by the third commit is probably overkill. I haven't written a test for it yet, and am tempted to just drop it—but I have included it to give you a chance of chiming in. (I'll also use it as an opportunity to ask: is using Java 8+ streams okay for new code, or is a more traditional Java style preferred?)
>
> I was considering adding a "fourth commit," making sure field values written to audit log entries are systematically escaped, but am not sure which encoding to use. Is there a precedent in the code base? In any case, a subset of URL encoding may be good enough; e.g.: `%` → `%25`, `\t` → `%09`, `\n` → `%0A`, and everything non-ASCII to %-encoded UTF-8 bytes. WDYT?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
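The field escaping proposed in the comment above, as an added example (not code from the pull request or from ZooKeeper). The class and method names are hypothetical, the tab-separated `key=value` entry layout and the sample input are constructed, and the encoder goes slightly beyond the listed cases by also encoding `\r`, the remaining control characters and DEL.

```java
import java.nio.charset.StandardCharsets;

// Added example; AuditFieldEscaper and its methods are hypothetical names,
// not part of ZooKeeper or of the pull request.
public class AuditFieldEscaper {

    private static final char[] HEX = "0123456789ABCDEF".toCharArray();

    // Percent-encodes '%', control characters (\t, \n, \r, ...), DEL and every
    // non-ASCII character (as its UTF-8 bytes). Printable ASCII is kept as-is,
    // so the encoding is reversible and ordinary values stay readable.
    static String escape(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == '%' || c < 0x20 || c >= 0x7F) {
                out.append('%').append(HEX[c >> 4]).append(HEX[c & 0x0F]);
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Assumed entry layout for this example: tab-separated key=value fields,
    // one entry per line.
    static String entry(String user, String operation, boolean escapeFields) {
        String u = escapeFields ? escape(user) : user;
        String o = escapeFields ? escape(operation) : operation;
        return "user=" + u + "\toperation=" + o;
    }

    public static void main(String[] args) {
        // Constructed input: a client-supplied identity containing a line break
        // and a tab, followed by text shaped like a second entry.
        String user = "alice\nuser=admin\toperation=deleteAll";
        String raw = entry(user, "create", false);
        String safe = entry(user, "create", true);

        System.out.println("raw entry spans " + raw.split("\n").length + " lines");
        System.out.println("escaped entry spans " + safe.split("\n").length + " line");
        System.out.println(safe);
        // escape() also covers the other cases named in the proposal:
        System.out.println(escape("100% caf\u00e9"));
    }
}
```

Because `%` itself is encoded, a reader of the log can decode each field unambiguously after splitting the line on tabs.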
