{"library":"logging-formatter-anticrlf","title":"Anti-CRLF Logging Formatter","description":"logging-formatter-anticrlf is a Python logging Formatter designed to prevent CRLF Injection (CWE-93 / CWE-117) by sanitizing log messages. It ensures that newline characters and other control characters are properly escaped or removed, mitigating the risk of log forging attacks. The current version is 1.2.1, and it maintains a focused feature set with stable, infrequent releases.","language":"python","status":"active","last_verified":"Fri Apr 17","install":{"commands":["pip install logging-formatter-anticrlf"],"cli":null},"imports":["import anticrlf"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import logging\nimport sys\n\nimport anticrlf\n\n# Configure the logger\nlogger = logging.getLogger(__name__)\nlogger.setLevel(logging.INFO)\n\n# Create a console handler\nhandler = logging.StreamHandler(sys.stdout)\nhandler.setLevel(logging.INFO)\n\n# Create an anticrlf.LogFormatter and set it on the handler\n# The formatter will sanitize the message before output\nformatter = anticrlf.LogFormatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\nhandler.setFormatter(formatter)\n\n# Add the handler to the logger\nlogger.addHandler(handler)\n\n# Test messages with potential CRLF injection (real CR/LF characters in the logged values)\nlogger.info(\"This is a safe log message.\")\nlogger.info(\"User input: %s\", \"username\\r\\nevil_injection\")\nlogger.warning(\"Another line for a multi-line attack: %s\", \"value\\nmalicious\")\n\n# Expected output: each record stays on one line; CR and LF in the message appear as the literal text \\r and \\n.","lang":"python","description":"This quickstart demonstrates how to integrate `anticrlf.LogFormatter` into a standard Python logging setup. It shows how to instantiate the formatter and apply it to a `StreamHandler` to sanitize log messages before they are written to the console, preventing CRLF injection.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}