From f3b8cdd65ff6f14850613a8b746cd72a8552a493 Mon Sep 17 00:00:00 2001
From: thangbn
Date: Sat, 20 Jul 2019 01:36:23 -0700
Subject: [PATCH] prevent log forging, fix #1

---
 CHANGELOG.md             | 3 +++
 json_logging/__init__.py | 9 ++++++---
 setup.py                 | 2 +-
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 333dc8a..18b0744 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## 1.0.1 - 2019-07-20
+ - prevent log forging, fix #1
+
 ## 1.0.0 - 2019-07-20
 Breaking change:
 - add more specific init method for each framework
diff --git a/json_logging/__init__.py b/json_logging/__init__.py
index f07b2cd..73ca9c2 100644
--- a/json_logging/__init__.py
+++ b/json_logging/__init__.py
@@ -233,6 +233,10 @@ def format(self, record):
         return JSON_SERIALIZER(json_log_object)
 
 
+def _sanitize_log_msg(record):
+    return record.getMessage().replace('\n', '_').replace('\r', '_').replace('\t', '_')
+
+
 class JSONLogFormatter(logging.Formatter):
     """
     Formatter for non-web application log
@@ -266,9 +270,8 @@ def format(self, record):
             "level": record.levelname,
             "line_no": record.lineno,
             "module": record.module,
-            "msg": record.getMessage(),
+            "msg": _sanitize_log_msg(record),
         }
-
         if hasattr(record, 'props'):
             json_log_object.update(record.props)
 
@@ -312,7 +315,7 @@ def format(self, record):
             "module": record.module,
             "line_no": record.lineno,
             "correlation_id": _request_util.get_correlation_id(),
-            "msg": record.getMessage()
+            "msg": _sanitize_log_msg(record)
         }
 
         if hasattr(record, 'props'):
diff --git a/setup.py b/setup.py
index 751a1f4..03ac7b6 100644
--- a/setup.py
+++ b/setup.py
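Review bot: `_sanitize_log_msg` neutralises only `\n`, `\r` and `\t`, so a message containing the other line terminators that `str.splitlines()` recognises (`\x0b`, `\x0c`, `\x1c`–`\x1e`, `\x85`, `\u2028`, `\u2029`) or any other C0 control character still passes through unchanged, and a viewer that splits on those will still show one record as several lines. A single pass over the whole control-character range closes that gap without changing the helper's signature, e.g. `return ''.join('_' if (c < ' ' or c == '\x7f' or c in '\x85\u2028\u2029') else c for c in record.getMessage())`, or a precompiled pattern if `re` is already imported in this module (not visible in the hunk). Whether any of these characters would survive into the emitted line also depends on how `JSON_SERIALIZER` escapes control characters, which this hunk does not show, so the substitution is defence in depth rather than the only barrier. The new function has no docstring; a one-liner such as `"""Return the formatted message with line-breaking control characters replaced so one record cannot be rendered as several log lines."""` would record why the substitution exists.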
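Review bot: The sanitised `"msg"` value can still be overwritten, because `json_log_object.update(record.props)` runs after the dict literal and merges caller-supplied `props` without any sanitisation, so a `props` entry keyed `"msg"` (or any other string value in `props`) reaches the serializer with its line breaks intact; the same ordering exists in the hunk at `@@ -312,7 +315,7 @@`. If `props` is meant to add fields rather than override core ones, set `"msg"` after the `update()` so the sanitised value wins, or apply the same replacement to string values, e.g. `json_log_object.update({k: v.replace('\n', '_').replace('\r', '_').replace('\t', '_') if isinstance(v, str) else v for k, v in record.props.items()})`. How much this matters depends on whether `props` can carry request-derived text, which is not visible here. Both `format` bodies start and end outside their hunks.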
@@ -12,7 +12,7 @@ setup(
     name="json-logging",
-    version='1.0.0',
+    version='1.0.1',
     packages=find_packages(exclude=['contrib', 'docs', 'tests*', 'example', 'dist', 'build']),
     license='Apache License 2.0',
     description="JSON Python Logging",