转义ETW格式字符串中的字符？

Question

我正在使用新的EventSource类从我的应用程序写入Windows事件日志,到目前为止它很棒.然而,也有我观察到正在引起那些可能与问题两件事情:该格式字符串传递给事件属性不会出现被写入到事件日志之前进行正常的String.format处理.

考虑这个块:

[Event((int)LogEvent.UserCreated, Keywords=Keywords.Directory, Channel=EventChannel.Operational,
Message="Created username {0} with forum post signature {1} and homepage {2}.")]
public void UserCreated(string username, string signature, string homepageAddress)
{
    WriteEvent((int)LogEvent.UserCreated, username, signature, homepageAddress);
}

发生了一些事情:

• 如果我尝试将\n插入到消息的格式字符串中,则事件日志中不会打印换行符.
• 如果签名字符串包含换行符,则会在事件日志中自然打印换行符.
• 如果签名或homepageAddress字符串包含类似ETW的标记(%1,%2或%3),那么ETW开始用变量本身替换那些伪标记,最后我自己嵌套了嵌套的变量.

我认为,如果有对ETW转义字符,它可以被用来放换行符格式字符串,也可以让我预先处理我的字符串值,以防止这些SQL注入式的错误.

这样的转义字符是否存在？这通常是怎么做的？

Answer 1

EventSource清单生成器执行的转换是

{0} -> %1
...
{n} -> %(n+1)

&   -> &
<   -> &lt;
>   -> &gt;
'   -> &apos;
"   -> &quot;

作为参考,转换发生在string EventProviderBase.TranslateToManifestConvention(string).

然后你最终得到消息编译器. 逃生如下:

%n[!format_specifier!]  Describes an insert. Each insert is an entry in the 
    Arguments array in the FormatMessage function. The value of n can be a number 
    between 1 and 99. The format specifier is optional. If no value is specified, 
    the default is !s!. For information about the format specifier, see wsprintf. 
    The format specifier can use * for either the precision or the width. When 
    specified, they consume inserts numbered n+1 and n+2.

%0  Terminates a message text line without a trailing newline character. This can 
    be used to build a long line or terminate a prompt message without a trailing 
    newline character.

%.  Generates a single period. This can be used to display a period at the 
    beginning of a line, which would otherwise terminate the message text.

%!  Generates a single exclamation point. This can be used to specify an 
    exclamation point immediately after an insert.

%%  Generates a single percent sign.

%n  Generates a hard line break when it occurs at the end of a line. This can be 
    used with FormatMessage to ensure that the message fits a certain width.

%b  Generates a space character. This can be used to ensure an appropriate number 
    of trailing spaces on a line.

%r  Generates a hard carriage return without a trailing newline character.