distribution: prevent log entries created from user input

doringeman · doringeman · commit 6e18d9803976 · 2025-09-23T18:55:44.000+03:00
Add utils.SanitizeForLog which sanitizes a string for safe logging by removing or escaping control characters that could cause log injection attacks.

Signed-off-by: Dorin Geman &lt;dorin.geman@docker.com&gt;
diff --git a/pkg/distribution/distribution/client.go b/pkg/distribution/distribution/client.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 
+	"github.com/docker/model-runner/pkg/distribution/internal/utils"
 	"github.com/sirupsen/logrus"
 
 	"github.com/docker/model-runner/pkg/distribution/internal/progress"
@@ -134,7 +135,7 @@ func NewClient(opts ...Option) (*Client, error) {
 
 // PullModel pulls a model from a registry and returns the local file path
 func (c *Client) PullModel(ctx context.Context, reference string, progressWriter io.Writer) error {
-	c.log.Infoln("Starting model pull:", reference)
+	c.log.Infoln("Starting model pull:", utils.SanitizeForLog(reference))
 
 	remoteModel, err := c.registry.Model(ctx, reference)
 	if err != nil {
@@ -157,7 +158,7 @@ func (c *Client) PullModel(ctx context.Context, reference string, progressWriter
 	// Check if model exists in local store
 	localModel, err := c.store.Read(remoteDigest.String())
 	if err == nil {
-		c.log.Infoln("Model found in local store:", reference)
+		c.log.Infoln("Model found in local store:", utils.SanitizeForLog(reference))
 		cfg, err := localModel.Config()
 		if err != nil {
 			return fmt.Errorf("getting cached model config: %w", err)
@@ -176,7 +177,7 @@ func (c *Client) PullModel(ctx context.Context, reference string, progressWriter
 		}
 		return nil
 	} else {
-		c.log.Infoln("Model not found in local store, pulling from remote:", reference)
+		c.log.Infoln("Model not found in local store, pulling from remote:", utils.SanitizeForLog(reference))
 	}
 
 	// Model doesn't exist in local store or digests don't match, pull from remote
@@ -268,10 +269,10 @@ func (c *Client) ListModels() ([]types.Model, error) {
 
 // GetModel returns a model by reference
 func (c *Client) GetModel(reference string) (types.Model, error) {
-	c.log.Infoln("Getting model by reference:", reference)
+	c.log.Infoln("Getting model by reference:", utils.SanitizeForLog(reference))
 	model, err := c.store.Read(reference)
 	if err != nil {
-		c.log.Errorln("Failed to get model:", err, "reference:", reference)
+		c.log.Errorln("Failed to get model:", err, "reference:", utils.SanitizeForLog(reference))
 		return nil, fmt.Errorf("get model '%q': %w", reference, err)
 	}
 
@@ -280,7 +281,7 @@ func (c *Client) GetModel(reference string) (types.Model, error) {
 
 // IsModelInStore checks if a model with the given reference is in the local store
 func (c *Client) IsModelInStore(reference string) (bool, error) {
-	c.log.Infoln("Checking model by reference:", reference)
+	c.log.Infoln("Checking model by reference:", utils.SanitizeForLog(reference))
 	if _, err := c.store.Read(reference); errors.Is(err, ErrModelNotFound) {
 		return false, nil
 	} else if err != nil {
@@ -349,7 +350,7 @@ func (c *Client) DeleteModel(reference string, force bool) (*DeleteModelResponse
 
 // Tag adds a tag to a model
 func (c *Client) Tag(source string, target string) error {
-	c.log.Infoln("Tagging model, source:", source, "target:", target)
+	c.log.Infoln("Tagging model, source:", source, "target:", utils.SanitizeForLog(target))
 	return c.store.AddTags(source, []string{target})
 }
 
diff --git a/pkg/distribution/internal/utils/utils.go b/pkg/distribution/internal/utils/utils.go
@@ -7,6 +7,7 @@ import (
 	"net/url"
 	"os"
 	"strings"
+	"unicode"
 )
 
 // FormatBytes converts bytes to a human-readable string with appropriate unit
@@ -103,3 +104,48 @@ func (pr *ProgressReader) Read(p []byte) (int, error) {
 	}
 	return n, err
 }
+
+// SanitizeForLog sanitizes a string for safe logging by removing or escaping
+// control characters that could cause log injection attacks.
+// TODO: Consider migrating to structured logging which
+// handles sanitization automatically through field encoding.
+func SanitizeForLog(s string) string {
+	if s == "" {
+		return ""
+	}
+
+	var result strings.Builder
+	result.Grow(len(s))
+
+	for _, r := range s {
+		switch {
+		// Replace newlines and carriage returns with escaped versions.
+		case r == '\n':
+			result.WriteString("\\n")
+		case r == '\r':
+			result.WriteString("\\r")
+		case r == '\t':
+			result.WriteString("\\t")
+		// Remove other control characters (0x00-0x1F, 0x7F).
+		case unicode.IsControl(r):
+			// Skip control characters or replace with placeholder.
+			result.WriteString("?")
+		// Escape backslashes to prevent escape sequence injection.
+		case r == '\\':
+			result.WriteString("\\\\")
+		// Keep printable characters.
+		case unicode.IsPrint(r):
+			result.WriteRune(r)
+		default:
+			// Replace non-printable characters with placeholder.
+			result.WriteString("?")
+		}
+	}
+
+	const maxLength = 100
+	if result.Len() > maxLength {
+		return result.String()[:maxLength] + "...[truncated]"
+	}
+
+	return result.String()
+}
