python/ql/src/Security/CWE-117/LogInjection.qhelp
8 additions & 5 deletions
@@ -8,8 +8,11 @@
8
8
9
9
<p>If unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.</p>
10
10
11
-
<p>Forgery can occur if a user provides some input creating the appearance of multiple
12
-
log entries. This can include unescaped new-line characters, or HTML or other markup.</p>
11
+
<p>Forgery can occur if a user provides some input with characters that are interpreted
12
+
when the log output is displayed. If the log is displayed as a plain text file, then new
13
+
line characters can be used by a malicious user to create the appearance of multiple log
14
+
entries. If the log is displayed as HTML, then arbitrary HTML may be included to spoof
15
+
log entries.</p>
13
16
</overview>
14
17
15
18
<recommendation>
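Review bot: the rewritten overview (new lines 11-15) describes the plain-text case only in terms of "new line characters", but the example section of this same file relies on a CR LF payload (`Guest%0D%0AUser name: Admin`) and its fix strips `\r\n` as well as `\n`, so the sentence should name carriage returns too. Suggested wording for lines 12-14: `If the log is displayed as a plain text file, then carriage-return and newline characters can be used by a malicious user to create the appearance of multiple log entries.` Minor: "new line characters" reads better as "newline characters", and the current line break splits the phrase as "new / line".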
@@ -29,14 +32,14 @@ other forms of HTML injection.
29
32
30
33
<example>
31
34
<p>
32
-
In the example, the name provided by the user is recorded using the log output function (<code>logging.info</code> or <code>app.logger.info</code>, etc.).
33
-
In these four cases, the name provided by the user is not provided The processing is recorded. If a malicious user provides <code>Guest%0D%0AUser name: Admin</code>
35
+
In the example, the name provided by the user is recorded using the log output function (<code>logging.info</code> or <code>app.logger.info</code>, etc.).
36
+
In these four cases, the name provided by the user is not provided The processing is recorded. If a malicious user provides <code>Guest%0D%0AUser name: Admin</code>
34
37
as a parameter, the log entry will be divided into two lines, the first line is <code>User name: Guest</code> code>, the second line is <code>User name: Admin</code>.
35
38
</p>
36
39
<samplesrc="LogInjectionBad.py" />
37
40
38
41
<p>
39
-
In a good example, the program uses the <code>replace</code> function to provide parameter processing to the user, and replace <code>\r\n</code> and <code>\n</code>
42
+
In a good example, the program uses the <code>replace</code> function to provide parameter processing to the user, and replace <code>\r\n</code> and <code>\n</code>
40
43
with empty characters. To a certain extent, the occurrence of log injection vulnerabilities is reduced.
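Review bot: the garbled sentence `In these four cases, the name provided by the user is not provided The processing is recorded.` survives on new line 36 even though lines 35-36 are rewritten (their text is identical to removed lines 32-33, so only whitespace changed); since the lines are being touched anyway, fix it here, e.g. `In each of these four cases, the name provided by the user is written to the log without any sanitization.` Two further problems sit in the unchanged lines of this paragraph and could be picked up in the same change: line 37 has a stray `code>` after `<code>User name: Guest</code>`, and the closing sentence of the good example (`with empty characters. To a certain extent, the occurrence of log injection vulnerabilities is reduced.`) should say that `\r\n` and `\n` are removed (replaced with the empty string) and make clear that stripping line breaks only addresses the plain-text case described in the overview; when the log is displayed as HTML, the input must additionally be HTML-escaped.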