New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[A9] - Security Logging and Monitoring Failures - Solution #542
Conversation
This pull request introduces 1 alert and fixes 2 when merging a389795 into 60e5cf1 - view on LGTM.com new alerts:
fixed alerts:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very good, @henriporto! You covered all the main logging points. I just left some comments regarding some information that would be nice to have at each logging message
@@ -27,7 +27,8 @@ | |||
bootstrap = Bootstrap(app) | |||
|
|||
app.config.from_pyfile('config.py') | |||
|
|||
logging.basicConfig(filename='log.log', level=logging.DEBUG, format=f'%(asctime)s %(levelname)s %(name)s %(threadName)s : %(message)s') | |||
#logging.basicConfig(level=logging.DEBUG, format=f'%(asctime)s %(levelname)s %(name)s %(threadName)s : %(message)s', handlers=[logging.FileHandler("ola_povo.log"),logging.StreamHandler()]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commenting code is a quick way to test different implementations, but it is not a good practice to maintain it after we finish the development. Could you remove the comment?
Why are we using level=logging.DEBUG
? All the calls seems to be with logger.info
. Using DEBUG
could pollute the output (maybe some library will log debug messages?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Logs were wrongly configured. I fixed the settings in this new commit! thanks for the feedback!!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, the logging points and messages seems very good now!
However, I would still recommend to use stdout
directly instead of a info.log
file. Could you take a look at that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This pull request introduces 1 alert and fixes 3 when merging d2521b2 into 6e036c0 - view on LGTM.com new alerts:
fixed alerts:
|
This pull request introduces 2 alerts and fixes 3 when merging 8bf20cf into 6e036c0 - view on LGTM.com new alerts:
fixed alerts:
|
This pull request introduces 2 alerts and fixes 3 when merging 073a8c3 into 6e036c0 - view on LGTM.com new alerts:
fixed alerts:
|
This solution refers to which of the apps?
A9 - Security Logging and Monitoring Failures - Python - GamesIrados.com
What did you do to mitigate the vulnerability?
Implemented logging.
Did you test your changes? What commands did you run?
Yes: