From 30b89f1bd7ab1d55cbb72b934603cc75b7705b03 Mon Sep 17 00:00:00 2001
From: J Reece Wilson
Date: Tue, 21 May 2024 04:58:20 +0100
Subject: [PATCH] [*] Security: use AuCodepointsReplaceAll instead of AuReplaceAll under the loggers mitigations
---
 Source/Logging/AuLogger.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/Source/Logging/AuLogger.cpp b/Source/Logging/AuLogger.cpp
index 7aa0d0dc..ab8b259e 100644
--- a/Source/Logging/AuLogger.cpp
+++ b/Source/Logging/AuLogger.cpp
@@ -300,14 +300,17 @@ namespace Aurora::Logging
 {
 if (this->bEnableMitigations)
 {
+ // Nuke \r and \x1b / \33 / \e sequences using UTF-8 aware replaceall
+ // \r -> dont let a bad actor override cat and unformatted console logs
+ // \e -> dont let a bad actor communicate with a potentially vulnerable TTY emulator
 if (msg.line.find('\r') != AuString::npos) [[unlikely]]
 {
- AuReplaceAll(msg.line, "\r", "\\r");
+ AuCodepointsReplaceAll(msg.line, "\r", "\\r");
 }
 if (msg.line.find('\33') != AuString::npos) [[unlikely]]
 {
- AuReplaceAll(msg.line, "\33", "\\e");
+ AuCodepointsReplaceAll(msg.line, "\33", "\\e");
 }
 }
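Review bot: Both `AuCodepointsReplaceAll` calls now depend on how that helper treats malformed or truncated UTF-8, which this hunk does not show, while the guarding `find('\r')` and `find('\33')` checks stay byte-wise. Log text can be attacker-influenced, so if the code-point walk stops early or skips bytes on an invalid sequence, a raw CR or ESC could still reach the sink with mitigations enabled. Both bytes are ASCII and never occur inside a valid multi-byte sequence, so a byte-wise re-check after the replacement is a safe backstop, e.g. `if (msg.line.find('\33') != AuString::npos) AuReplaceAll(msg.line, "\33", "\\e");` and the same for `'\r'`; alternatively, state in the new comment that the helper is guaranteed to process invalid input to the end. The comment's stated goals would also be better served by escaping other overwrite-capable characters that this block leaves untouched, such as `\b` and the C1 CSI code point U+009B, which some terminals may interpret. The enclosing function starts and ends outside the hunk.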