...
Logging unsanitized user input can also result in leaking sensitive data across a trust boundary, or storing sensitive data in a manner that is contrary to local law or regulation. See rule IDS00-J. Sanitize untrusted data passed across a trust boundary for more details on input sanitization. For instance, if a user is able to inject an unencrypted credit card number into a log file, the system could violate PCI DSS regulations (PCI DSS Standard).
Noncompliant Code Example
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7db7bad45b0a2c86-1e7c4892-44aa44c3-99aa9572-76ca9b8d309461ae81ff8492"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Injection [RST]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-144, "Improper Neutralization of Line Delimiters" | ||||
| CWE-150, "Improper Neutralization of Escape, Meta, or Control Sequences" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="60b1e5a0b38a1cdd-b088ed95-477c42b0-93ddb916-0f33aa753536c4abc7b23041"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c5c181553e20e5d5-da9f9d1e-46384ae0-b5d7b849-4e043c73032d54571cb4cf51"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. Bibliography#OWASP 08]] | [Log Injection | https://www.owasp.org/index.php/Log_injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="365ff211-e9db-4277-8f19-4e267af6217c"><ac:plain-text-body><![CDATA[ | [[PCI DSS Standard | https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml]] | ]]></ac:plain-text-body></ac:structured-macro> |
...