Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (vkp) v1.0

Accepting user input in log files can result in log forging. For example, if a user enters carriage return and line feed (CRLF) sequences, it may be possible to break apart a legit log entry into two log entries. The second entry can be intentionally misleading, for instance, it may warn the administrator that a reboot is required to install critical security updates.

Noncompliant Code Example

This noncompliant code example logs the user's login user name when an invalid request is received. No input sanitization is being performed.

Code Block
bgColor#FFCCCC
logger.severe("Invalid username:" + getUserName());

Compliant Solution

This compliant solution sanitizes the user name input before logging it. Refer to IDS01-J. Sanitize before processing or storing user input for more details on input sanitization.

Code Block
bgColor#ccccff
String username = getUserName();
sanitize(username);
logger.severe("Invalid username:" + username);

Risk Assessment

Allowing unvalidated user input to be logged can result in forging of log entries.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXC12- J

medium

probable

medium

P8

L2

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 2006|AA. Java References#API 06]\] 
\[[MITRE 2009|AA. Java References#MITRE 09]\] [CWE ID 144|http://cwe.mitre.org/data/definitions/144.html] and [CWE ID 150|http://cwe.mitre.org/data/definitions/150.html]


EXC11-J. Restore prior object state on method failure      17. Exceptional Behavior (EXC)      EXC13-J. Throw specific exceptions as opposed to the more general RuntimeException or Exception