-->
Skip to main content

Posts

Showing posts with the label Veracode

Solution : Improper Output Neutralization For Logs (CWE ID 117)

Solution: Improper Output Neutralization For Logs (CWE ID 117) Today we will give the solution for Improper Output Neutralization For Logs (CWE ID 117) which is one of the things that Veracode shows to fix the CRLF Injection. Why it Occured as Per Veracode documentation  A function call could result in a log forging attack. Writing untrusted data into a log file allows an attacker to forge log entries or inject malicious content into log files. Corrupted log files can be used to cover an attacker's tracks or as a delivery mechanism for an attack on a log viewing or processing utility. For example, if a web administrator uses a browser-based utility to review logs, a cross-site scripting attack might be possible. Thus if we don't fix this it will allow attackers to inject malicious content into our logs. Recommadation by documentation Avoid directly embedding user input in log files when possible. Sanitize untrusted data used to construct log entries by using a safe logging mec