逃避ETW格式字符串的字符？ [英] Escape characters in ETW format strings?

问题描述

我使用的是新的EventSource类从我的应用程序写入Windows事件日志，到目前为止，它的伟大。然而，有两件事情，我观察到正在引起那些可能相关的问题：传递给事件的格式字符串属性似乎没有被写入事件日志之前经过正常的String.Format处理

考虑此块：

  [事件（（INT）LogEvent.UserCreated，关键词= Keywords.Directory，海峡= EventChannel.Operational，
消息=创建用户名{0}论坛的帖子签名{1}和网页{2}）] 
公共无效UserCreated（用户名字符串，字符串签名，串homepageAddress）
 {
 WriteEvent（（INT）LogEvent.UserCreated，用户名，签名，homepageAddress）; 
} 
  

发生几件事情：

• 如果我尝试插入\\\
  成格式字符串的消息，不换行打印在事件日志中。


• 如果在签名字符串包含一个换行符，换行是在事件日志中自然地打印出来。


• 如果签名或homepageAddress字符串包含ETW般的记号（％1％2或％3）然后ETW始于变量替换那些伪令牌自己，我结束了嵌套在自己的变量。

我认为，如果有对ETW转义字符，它可以用来放换行符格式字符串，也可以让我预先处理我的字符串值，以防止这些SQL注入式的错误。

做这样一个转义字符存在吗？这是如何通常做什么？

解决方案

由EventSource的清单发生器进行翻译

<预类=郎无prettyprint-覆盖> {0} - > ％1
：
{N} - > ％（N + 1）

和; - > &放大器;放大器;
< - > &放大器; LT;
> - > &放大器; GT;
' - > &安培;者;
- >&安培; QUOT;


有关参考，转换发生在<一HREF =htt​​p://referencesource.microsoft.com/#mscorlib/system/dia​​gnostics/eventing/eventproviderbase.cs#63a4b0ca2176e735#references相对=nofollow> 字符串EventProviderBase.TranslateToManifestConvention（串） 。

然后在消息编译器中结束。的逃逸如下：

<前类=郎无prettyprint-覆盖> ％N [！format_specifier！]介绍了一个插入。每次插入是在函数FormatMessage的
参数数组中的一个项目。的价值n可以是1至99格式说明是可选之间的一个数
。如果没有指定值，
默认为！小号！有关格式说明的信息，请参阅wsprintf
中的格式说明可以使用*为无论是精度或宽度。当
规定，他们消耗N + 1和N + 2的编号插入。

％0终止而不尾随换行符的消息文本行。这可以
可以用来建立一个长线或终止提示信息没有尾随
换行符。

％。产生一个周期。这可以被用来显示一周期在一行，否则将终止消息文本的
开始。

％！生成一个感叹号。这可以用来插入后立即指定
惊叹号。

%%生成一个百分号。当它出现在一行的末尾

％N生成一个硬换行。这可以是具有的FormatMessage用于确保该消息适合于一定的宽度
。

％B生成一个空格字符。这可以用来确保在线路尾部的空格的适当数量
。

％R生成无尾随换行符硬回车。


I'm using the new EventSource class to write to the Windows Event log from my applications, and so far it's great. However, there are two things that I observe that are causing problems that are probably related: the format strings passed to the Event attribute don't appear to undergo normal string.Format processing before being written to the event log.

Consider this block:

[Event((int)LogEvent.UserCreated, Keywords=Keywords.Directory, Channel=EventChannel.Operational,
Message="Created username {0} with forum post signature {1} and homepage {2}.")]
public void UserCreated(string username, string signature, string homepageAddress)
{
    WriteEvent((int)LogEvent.UserCreated, username, signature, homepageAddress);
}

A few things occur:

• If I try to insert a \n into the format string for the message, no newline is printed in the event log.
• If the signature string contains a newline, the newline is printed naturally in the event log.
• If the signature or homepageAddress strings contain ETW-like tokens (%1, %2, or %3), then ETW begins replacing those pseudo-tokens with the variables themselves, and I end up with variables nested within themselves.

I assume that if there was an escape character for ETW, it could be used to put newlines in format strings, and would also allow me to pre-process my string values to protect against these sql-injection style bugs.

Does such an escape character exist? How is this usually done?

解决方案

The translation performed by the EventSource manifest generator is

{0} -> %1
...
{n} -> %(n+1)

&   -> &
<   -> &lt;
>   -> &gt;
'   -> &apos;
"   -> &quot;

For reference, the conversion happens in string EventProviderBase.TranslateToManifestConvention(string).

Then you end up at the message compiler. Escapes are as follows:

%n[!format_specifier!]  Describes an insert. Each insert is an entry in the 
    Arguments array in the FormatMessage function. The value of n can be a number 
    between 1 and 99. The format specifier is optional. If no value is specified, 
    the default is !s!. For information about the format specifier, see wsprintf. 
    The format specifier can use * for either the precision or the width. When 
    specified, they consume inserts numbered n+1 and n+2.

%0  Terminates a message text line without a trailing newline character. This can 
    be used to build a long line or terminate a prompt message without a trailing 
    newline character.

%.  Generates a single period. This can be used to display a period at the 
    beginning of a line, which would otherwise terminate the message text.

%!  Generates a single exclamation point. This can be used to specify an 
    exclamation point immediately after an insert.

%%  Generates a single percent sign.

%n  Generates a hard line break when it occurs at the end of a line. This can be 
    used with FormatMessage to ensure that the message fits a certain width.

%b  Generates a space character. This can be used to ensure an appropriate number 
    of trailing spaces on a line.

%r  Generates a hard carriage return without a trailing newline character.

这篇关于逃避ETW格式字符串的字符？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！