Accepting user input in log files can result in log forging. For example, if a user enters carriage return and line feed (CRLF) sequences, it may be possible to break apart a legit log entry into two. The second entry can be made to be purposely misleading, for instance, it may warn the administrator that a reboot is required to install critical security updates.
Noncompliant Code Example
This noncompliant code example logs the user's login user name when an invalid request is received. No input sanitization is being performed.
| Code Block | ||
|---|---|---|
| ||
logger.severe("Invalid username:" + getUserName());
|
Compliant Solution
This compliant solution sanitizes the user name input before logging it. Refer to IDS01-J. Sanitize before processing or storing user input for more details on input sanitization.
| Code Block | ||
|---|---|---|
| ||
String username = getUserName();
sanitize(username);
logger.severe("Invalid username:" + username);
|
Risk Assessment
Allowing unvalidated user input to be logged can lead to forging of log entries.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXC34- J | medium | probable | medium | P8 | L2 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[API 06|AA. Java References#API 06]\] \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 144|http://cwe.mitre.org/data/definitions/144.html] and [CWE ID 150|http://cwe.mitre.org/data/definitions/150.html] |
...