Re: JSON logging ?
On Dec 11, 2012 7:33 AM, Bart Thate feedbackf...@gmail.com wrote: snip pickle uses eval still ? or is is considered safe now ? i was told not to use eval() stuff on data. I don't believe pickle uses eval() per se, but per the red warning box in its docs, it's still not safe when given untrusted input. IIRC, among other things, in order to unpickle non-built-in classes, it is capable of performing imports; this feature is rife for abuse by an adversary. -- http://mail.python.org/mailman/listinfo/python-list
Re: JSON logging ?
Thanks for your reply Chris, good to be updated on the pickle stuff, too bad it is still not safe for use. But hee i prefer JSON above pickle anyways so ;] As to using the logging package to send JSON dict over, the logging stuff should be able to be converted to handle that. Just 2 things that need to be changes. The logging package basically sends over an dict as well.. makePickle on the SocketHandler in order to send JSON instead of pickled stuff def makePickle(self, record): Pickles the record in binary format with a length prefix, and returns it ready for transmission across the socket. ei = record.exc_info if ei: # just to get traceback text into record.exc_text ... dummy = self.format(record) # See issue #14436: If msg or args are objects, they may not be # available on the receiving end. So we convert the msg % args # to a string, save it as msg and zap the args. d = dict(record.__dict__) d['msg'] = record.getMessage() d['args'] = None d['exc_info'] = None s = pickle.dumps(d, 1) slen = struct.pack(L, len(s)) return slen + s and this function on the receiving end to convert the JSON stuff back to a logging record (want to hook more stuff into this function, such that the send JSON is converted into an events that gets send to my callback handlers.) def makeLogRecord(dict): Make a LogRecord whose attributes are defined by the specified dictionary, This function is useful for converting a logging event received over a socket connection (which is sent as a dictionary) into a LogRecord instance. rv = _logRecordFactory(None, None, , 0, , (), None, None) rv.__dict__.update(dict) return rv What i don't see though is where the receiving code recides ? How am i supposed to handle logrecords that are coming from remote, as better phrased maybe .. where can i hook my (changed) makeLogRecord into ? Thnx for the reply dude, helps me enormously ;] Bart On Wed, Dec 12, 2012 at 6:33 PM, Chris Rebert c...@rebertia.com wrote: On Dec 11, 2012 7:33 AM, Bart Thate feedbackf...@gmail.com wrote: snip pickle uses eval still ? or is is considered safe now ? i was told not to use eval() stuff on data. I don't believe pickle uses eval() per se, but per the red warning box in its docs, it's still not safe when given untrusted input. IIRC, among other things, in order to unpickle non-built-in classes, it is capable of performing imports; this feature is rife for abuse by an adversary. -- http://mail.python.org/mailman/listinfo/python-list
Re: JSON logging ?
Ha ! spoke too soon. Was reading this: http://docs.python.org/2/howto/logging-cookbook.htmhttp://docs.python.org/2/howto/logging-cookbook.html which explains it all ;] Place to be is the LogRecordStreamHandler ;] Something to play with, first trying out to get a communication channel running over DCC CHAT ... On Wed, Dec 12, 2012 at 8:17 PM, Bart Thate feedbackf...@gmail.com wrote: Thanks for your reply Chris, good to be updated on the pickle stuff, too bad it is still not safe for use. But hee i prefer JSON above pickle anyways so ;] As to using the logging package to send JSON dict over, the logging stuff should be able to be converted to handle that. Just 2 things that need to be changes. The logging package basically sends over an dict as well.. makePickle on the SocketHandler in order to send JSON instead of pickled stuff def makePickle(self, record): Pickles the record in binary format with a length prefix, and returns it ready for transmission across the socket. ei = record.exc_info if ei: # just to get traceback text into record.exc_text ... dummy = self.format(record) # See issue #14436: If msg or args are objects, they may not be # available on the receiving end. So we convert the msg % args # to a string, save it as msg and zap the args. d = dict(record.__dict__) d['msg'] = record.getMessage() d['args'] = None d['exc_info'] = None s = pickle.dumps(d, 1) slen = struct.pack(L, len(s)) return slen + s and this function on the receiving end to convert the JSON stuff back to a logging record (want to hook more stuff into this function, such that the send JSON is converted into an events that gets send to my callback handlers.) def makeLogRecord(dict): Make a LogRecord whose attributes are defined by the specified dictionary, This function is useful for converting a logging event received over a socket connection (which is sent as a dictionary) into a LogRecord instance. rv = _logRecordFactory(None, None, , 0, , (), None, None) rv.__dict__.update(dict) return rv What i don't see though is where the receiving code recides ? How am i supposed to handle logrecords that are coming from remote, as better phrased maybe .. where can i hook my (changed) makeLogRecord into ? Thnx for the reply dude, helps me enormously ;] Bart On Wed, Dec 12, 2012 at 6:33 PM, Chris Rebert c...@rebertia.com wrote: On Dec 11, 2012 7:33 AM, Bart Thate feedbackf...@gmail.com wrote: snip pickle uses eval still ? or is is considered safe now ? i was told not to use eval() stuff on data. I don't believe pickle uses eval() per se, but per the red warning box in its docs, it's still not safe when given untrusted input. IIRC, among other things, in order to unpickle non-built-in classes, it is capable of performing imports; this feature is rife for abuse by an adversary. -- http://mail.python.org/mailman/listinfo/python-list
JSON logging ?
Is it possible to change hooks or something to let the logging SocketServer stuff handle JSON instead of pickle ? I am thinking of sending my JSON dict data through the logging system to remote. A default standard way to send stuff back and forth would be welcome here. pickle uses eval still ? or is is considered safe now ? i was told not to use eval() stuff on data. Strange thing i never thought of using the logging plugin to send stuff remote. -- http://mail.python.org/mailman/listinfo/python-list
