...
Logging unsanitized user input can also result in leaking sensitive data across a trust boundary, or storing sensitive data in a manner that is contrary to local law or regulation. See guideline IDS01-J. Sanitize untrusted data passed across a trust boundary for more details on input sanitization.
Noncompliant Code Example
This noncompliant code example logs the user's login user name when an invalid request is received. No input sanitization is performed.
| Code Block | ||
|---|---|---|
| ||
logger.severe("Invalid username:" + getUserName());
|
Compliant Solution
This compliant solution sanitizes the user name input before logging it. Refer to guideline IDS01-J. Sanitize untrusted data passed across a trust boundary for more details on input sanitization.
| Code Block | ||
|---|---|---|
| ||
String username = getUserName();
sanitize(username);
logger.severe("Invalid username:" + username);
|
Risk Assessment
Allowing unvalidated user input to be logged can result in forging of log entries, leaking secure information, or storing sensitive data in a manner that is contrary to local law.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXC12-J | medium | probable | medium | P8 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
| Wiki Markup |
|---|
\[[API 2006|AA. Bibliography#API 06]\] \[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 144|http://cwe.mitre.org/data/definitions/144.html] and [CWE ID 150|http://cwe.mitre.org/data/definitions/150.html] |
...