fix: do not pass extra arg to logging.error

vladimir-mencl-eresearch · vladimir-mencl-eresearch · commit bf39e0688fa2 · 2021-09-10T14:06:50.000+12:00
SATOSA formats all log messages explicitly before passing them to the logger.

Python logging formats messages if it receives extra args in the call,
otherwise pass them straight through.

This call to logger.error in _run_bound_endpoint was (accidentally)
passing an extra argument error.state, causing logging to do another
round of formatting on an already formatted message.

This is dangerous, as the text of the (already formatted) message may contain
externally supplied data - such as the redirect URI with URI-encoded data like %3A#2F
(which in best part just throw another exception - "Unknown formatting character A")

State is already included in the explicit message formatting, so the extra argument
here should be safe to remove.
diff --git a/src/satosa/base.py b/src/satosa/base.py
@@ -185,7 +185,7 @@ def _run_bound_endpoint(self, context, spec):
                 err_id=error.error_id, state=state
             )
             logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
-            logger.error(logline, error.state, exc_info=True)
+            logger.error(logline, exc_info=True)
             return self._handle_satosa_authentication_error(error)
 
     def _load_state(self, context):

Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ def _run_bound_endpoint(self, context, spec):`
`185`	`185`	`err_id=error.error_id, state=state`
`186`	`186`	`)`
`187`	`187`	`logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)`
`188`		`- logger.error(logline, error.state, exc_info=True)`
	`188`	`+ logger.error(logline, exc_info=True)`
`189`	`189`	`return self._handle_satosa_authentication_error(error)`
`190`	`190`
`191`	`191`	`def _load_state(self, context):`