Class LogSafe
Single canonical implementation of log-string sanitization, shared across all opencode-base modules to prevent CWE-117 (CRLF / log injection) when interpolating untrusted or remote-controlled values into log messages. Replaces all ASCII control characters (0x00..0x1F), DEL (0x7F), and Unicode bidirectional override characters (U+202A..U+202E, U+2066..U+2069) with '_'.
Why a shared implementation: rounds 3–7 of the V1.0.4 security audit identified 5 separate sanitizeForLog implementations that diverged in scope (some filter only \r\n, leaving DEL / TAB / Bidi-override characters unfiltered). Centralising the logic here eliminates the "one site updated, four still wrong" maintenance trap and gives a single audit surface for future hardening.
Security:
- Thread-safe: Yes (stateless utility)
- Defends against: CWE-117 (CRLF injection), log-line forgery via Bidi spoofing, null-byte truncation in C-backed log appenders
- Since: JDK 25, opencode-base-core V1.0.4
- Author: Leon Soo www.LeonSoo.com
Method Details
sanitize
Returns a copy of value with CR / LF / control characters / DEL / Bidi override characters replaced by '_'. Returns "null" (the literal four-character string) for a null input so callers can interpolate the result directly into log format strings without further null-checking.
- Parameters: value - the log message fragment to sanitize
- Returns: sanitized copy, or "null" if input was null
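The gap between a CR/LF-only filter and the full character range described above, as an added Java example that is not opencode-base's own code. The class name LogSanitizeDemo, its method names and the sample strings are constructed for illustration; only the character ranges and the "null" behaviour come from this page.

```java
public class LogSanitizeDemo {

    // Characters this page says are replaced: C0 controls, DEL, Bidi override range.
    static boolean isUnsafe(char c) {
        return c <= 0x1F || c == 0x7F
                || (c >= 0x202A && c <= 0x202E)
                || (c >= 0x2066 && c <= 0x2069);
    }

    // Narrow variant of the kind the audit found: only CR and LF are replaced.
    static String crlfOnly(String value) {
        if (value == null) return "null";
        return value.replace('\r', '_').replace('\n', '_');
    }

    // Full range, with the documented "null" result for a null input.
    static String sanitizeAll(String value) {
        if (value == null) return "null";
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            out.append(isUnsafe(c) ? '_' : c);
        }
        return out.toString();
    }

    // Renders any surviving unsafe character as <U+XXXX> so the console shows it.
    static String visible(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            out.append(isUnsafe(c) ? String.format("<U+%04X>", (int) c) : String.valueOf(c));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for untrusted input.
        String[] samples = {
            "alice\r\nINFO login ok user=admin",  // CR/LF: a second, forged log line
            "id=7\tname=x\u007F",                 // TAB and DEL
            "a\0b",                               // NUL byte
            "user\u202Etxt",                      // Bidi override
            null
        };
        for (String s : samples) {
            System.out.println("crlfOnly   : " + visible(crlfOnly(s)));
            System.out.println("sanitizeAll: " + visible(sanitizeAll(s)));
        }
    }
}
```

In the output, every `<U+XXXX>` marker on a `crlfOnly` line is a character the narrow filter let through; the `sanitizeAll` lines contain none.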