...
Logging unsanitized user input can also result in leaking sensitive data across a trust boundary, or storing sensitive data in a manner that violates local law or regulation. See rule IDS00-J for more details on input sanitization. For example, if a user can inject an unencrypted credit card number into a log file, the system could violate PCI DSS regulations ([PCI 2010)]. See rule IDS00-J for more details on input sanitization.
Noncompliant Code Example
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="469aa1b63adfefae-0961af54-44274eec-838aaa3d-b44348508aab85c6b0acb3dc"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Injection [RST] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-144. Improper Neutralization neutralization of Line Delimiters line delimiters | ||||
| CWE-150. Improper Neutralization neutralization of Escapeescape, Metameta, or Control Sequences control sequences |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7a8d720e024877fb-8767543f-4e6f46a6-8577a923-eac2ab53c9ce72072efd4659"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="79d023bd4c46cb5e-8f12fabe-4bf94c5e-ba388f32-a5135a4c72f69debc1b1b95a"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. Bibliography#OWASP 08]] | [Log Injection | https://www.owasp.org/index.php/Log_injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="68bc0d060d566046-31acf28c-49b8483a-9d8b99c8-7eab4170b473ff5453c7996d"><ac:plain-text-body><![CDATA[ | [[PCI DSS Standard | https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml]] | ]]></ac:plain-text-body></ac:structured-macro> |
...