generic-remediation-reports.log-injection.report.json
codemodder-base
Base framework for writing codemods in Java
{
"summary" : "Introduced protections against Log Injection / Forging attacks",
"change" : "Added a call to replace any newlines the value",
"reviewGuidanceJustification" : "This strips newlines from the value before it is logged, preventing log injection attacks",
"references" : ["https://owasp.org/www-community/attacks/Log_Injection", "https://knowledge-base.secureflag.com/vulnerabilities/inadequate_input_validation/log_injection_vulnerability.html", "https://cwe.mitre.org/data/definitions/117.html"]
}