Unsafe Logging Configuration
ID | python.unsafe_logging_configuration
Severity | critical
Resource | Misconfiguration
Language | Python
Tags | CWE:95, NIST.SP.800-53, OWASP:2021:A3, PCI-DSS:6.5.1
Description
This rule flags calls to logging.config.listen() in Python. The listener applies every logging configuration it receives over its socket as code, so unless each incoming configuration is authenticated through the verify argument, anyone able to connect to the socket can inject code into the process.
Rationale
logging.config.listen() starts a thread that accepts logging configurations over a TCP socket bound to localhost (port 9030, logging.config.DEFAULT_LOGGING_CONFIG_PORT, unless another port is given). Each configuration received is applied immediately: INI-style text goes through fileConfig(), which passes handler arguments through eval(), and JSON goes through dictConfig(), which imports and instantiates whatever classes and factories the document names. The module performs no authentication of its own. The CPython documentation warns that on a multi-user host another local user can connect to the socket and have arbitrary code run in the listening process, and names the verify argument (added in Python 3.4) as the control.
For example, the following code starts the listener without a verify callable, so every configuration that arrives is applied:
import logging.config
listener = logging.config.listen(8080)  # FLAW: no verify callable; listen() takes a port number and binds to localhost
listener.start()
The thread now accepts connections on localhost:8080 and applies whatever configuration it is sent, so any local process or user that can reach the port can have code executed with the privileges of this process.
Remediation
Prefer not to use logging.config.listen() at all: load the logging configuration from a file the process owns at startup with logging.config.fileConfig() or logging.config.dictConfig(). If a live listener is required, pass a verify callable. It is invoked with the raw bytes of every configuration received, before anything is parsed, and must return the bytes to apply or None to reject. Authenticate the payload there (an HMAC or signature check, or an exact match against pre-approved configurations) rather than trying to sanitise it; a configuration is executed, not merely parsed, so there is no safe subset to filter down to.
A secure implementation that only accepts pre-approved configurations:
import logging.config

APPROVED = {b'{"version": 1, "root": {"level": "WARNING"}}'}  # the only configurations this process will apply

def verify(payload):  # raw bytes in; return the bytes to apply, or None to discard
    return payload if payload in APPROVED else None

logging.config.listen(8080, verify=verify).start()
Here nothing reaches fileConfig() or dictConfig() unless verify() returned it, so an unknown configuration is dropped before any part of it is evaluated. Note what listen() does not offer: there is no encryption or transport-authentication option, the socket is always bound to localhost, and verify must be a callable, not a boolean flag. Rejection is silent, so have verify() log rejected attempts if you need to detect probing of the port.
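The following is an added example, not code from the rule page or from the logging module, showing the rationale and the remediation side by side: an unverified listener applies an unsigned configuration, while a listener gated by a verify callable that checks an HMAC-SHA256 tag rejects the same bytes and applies only the signed copy. The tag layout (hex digest prefixed to the config), the shared secret, the 'demo' logger and the port-0 ephemeral-port trick are this example's own assumptions; the framing, the verify contract and the ready event are the stdlib's.

```python
"""Added example: gating logging.config.listen() with an HMAC-checking verify callable."""
import hashlib
import hmac
import logging
import logging.config
import socket
import struct

TAG_LEN = 64  # hex SHA-256 digest; kept ASCII so the payload stays valid UTF-8 (assumed layout)


def sign_config(secret: bytes, config: bytes) -> bytes:
    """Trusted producer side: prefix the config with hex HMAC-SHA256(secret, config)."""
    tag = hmac.new(secret, config, hashlib.sha256).hexdigest().encode("ascii")
    return tag + config


def make_verifier(secret: bytes):
    """Build the callable listen(verify=...) expects: it receives the raw bytes of each
    incoming configuration and returns the bytes to apply, or None to drop it."""
    def verify(payload: bytes):
        if len(payload) <= TAG_LEN:
            return None
        tag, config = payload[:TAG_LEN], payload[TAG_LEN:]
        expected = hmac.new(secret, config, hashlib.sha256).hexdigest().encode("ascii")
        if not hmac.compare_digest(tag, expected):
            return None      # the listener silently discards the configuration
        return config        # the listener hands this to dictConfig()/fileConfig()
    return verify


def frame(payload: bytes) -> bytes:
    """Wire format the listener reads: 4-byte big-endian length, then the payload."""
    return struct.pack(">L", len(payload)) + payload


def push_config(listener, payload: bytes) -> None:
    """Send one framed payload to a running listener and wait until it has been handled."""
    listener.ready.clear()                       # the handler sets ready after each chunk
    with socket.create_connection(("localhost", listener.port), timeout=2.0) as sock:
        sock.sendall(frame(payload))
    listener.ready.wait(2.0)


def run_demo(secret: bytes) -> dict:
    """Unverified listener vs. HMAC-gated listener, observed through the 'demo' logger level."""
    unsigned = (b'{"version": 1, "disable_existing_loggers": false, '
                b'"loggers": {"demo": {"level": "ERROR"}}}')
    results = {}
    for name, verify in (("no_verify", None), ("hmac_verify", make_verifier(secret))):
        logging.getLogger("demo").setLevel(logging.NOTSET)
        listener = logging.config.listen(0, verify)   # port 0: ephemeral port, still localhost only
        listener.start()
        listener.ready.wait(2.0)
        try:
            push_config(listener, unsigned)
            results[name + "_unsigned_applied"] = logging.getLogger("demo").level == logging.ERROR
            if verify is not None:
                logging.getLogger("demo").setLevel(logging.NOTSET)
                push_config(listener, sign_config(secret, unsigned))
                results[name + "_signed_applied"] = logging.getLogger("demo").level == logging.ERROR
        finally:
            logging.config.stopListening()
            listener.join()
    return results


if __name__ == "__main__":
    print(run_demo(b"shared-secret-from-your-secret-store"))
```

The verifier checks the tag over the exact bytes it returns, so a configuration cannot be altered after signing; using hmac.compare_digest keeps the comparison constant-time. The unverified pass shows that with verify=None the unsigned configuration changes the logger level, which is the condition this rule reports.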
References
-
CWE-95 : Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection').