JSON logging ?
feedbackflow at gmail.com
Wed Dec 12 20:17:32 CET 2012
Thanks for your reply Chris,
good to be updated on the pickle stuff, too bad it is still not safe for
use. But hee i prefer JSON above pickle anyways so ;]
As to using the logging package to send JSON dict over, the logging stuff
should be able to be converted to handle that. Just 2 things that need to
be changes. The logging package basically sends over an dict as well..
makePickle on the SocketHandler in order to send JSON instead of pickled
def makePickle(self, record):
Pickles the record in binary format with a length prefix, and
returns it ready for transmission across the socket.
ei = record.exc_info
# just to get traceback text into record.exc_text ...
dummy = self.format(record)
# See issue #14436: If msg or args are objects, they may not be
# available on the receiving end. So we convert the msg % args
# to a string, save it as msg and zap the args.
d = dict(record.__dict__)
d['msg'] = record.getMessage()
d['args'] = None
d['exc_info'] = None
s = pickle.dumps(d, 1)
slen = struct.pack(">L", len(s))
return slen + s
and this function on the receiving end to convert the JSON stuff back to a
logging record (want to hook more stuff into this function, such that the
send JSON is converted into an events that gets send to my callback
Make a LogRecord whose attributes are defined by the specified
This function is useful for converting a logging event received over
a socket connection (which is sent as a dictionary) into a LogRecord
rv = _logRecordFactory(None, None, "", 0, "", (), None, None)
What i don't see though is where the receiving code recides ?
How am i supposed to handle logrecords that are coming from remote, as
better phrased maybe .. where can i hook my (changed) makeLogRecord into ?
Thnx for the reply dude, helps me enormously ;]
On Wed, Dec 12, 2012 at 6:33 PM, Chris Rebert <clp2 at rebertia.com> wrote:
> On Dec 11, 2012 7:33 AM, "Bart Thate" <feedbackflow at gmail.com> wrote:
> > pickle uses eval still ? or is is considered safe now ? i was told not
> to use eval() stuff on data.
> I don't believe pickle uses eval() per se, but per the red warning box in
> its docs, it's still not safe when given untrusted input. IIRC, among other
> things, in order to unpickle non-built-in classes, it is capable of
> performing imports; this feature is rife for abuse by an adversary.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-list