Solution: Improper Output Neutralization For Logs (CWE ID 117)

Today we give the solution for Improper Output Neutralization For Logs (CWE ID 117), which is one of the flaws Veracode asks you to fix under CRLF Injection.

Why it occurred, as per the Veracode documentation

A function call could result in a log forging attack. Writing untrusted data into a log file allows an attacker to forge log entries or inject malicious content into log files. Corrupted log files can be used to cover an attacker's tracks or as a delivery mechanism for an attack on a log viewing or processing utility. For example, if a web administrator uses a browser-based utility to review logs, a cross-site scripting attack might be possible.

Thus, if we don't fix this, attackers will be able to inject malicious content into our logs.

Recommendation from the documentation

Avoid directly embedding user input in log files when possible. Sanitize untrusted data used to construct log entries by using a safe logging mec...
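The flagged logging pattern and a neutralized version of it, as an added example that is not code from the original post or from Veracode. The class name, the `neutralize` helper and the sample input are hypothetical and constructed for illustration.

```java
import java.util.logging.Logger;

public class LogNeutralizationExample {
    private static final Logger LOG =
            Logger.getLogger(LogNeutralizationExample.class.getName());

    /** Hypothetical helper: renders line-breaking and control characters as visible, inert text. */
    static String neutralize(String untrusted) {
        if (untrusted == null) {
            return "(null)";
        }
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '\r': out.append("\\r"); break;
                case '\n': out.append("\\n"); break;
                case '\t': out.append("\\t"); break;
                case '\\': out.append("\\\\"); break; // keeps the escaped form unambiguous
                default:
                    // Remaining ISO control characters (including NEL, U+0085) and the
                    // Unicode line/paragraph separators U+2028 and U+2029
                    if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: a "username" parameter carrying CR/LF and a fake entry
        String username = "guest\r\nINFO: Login succeeded for user=admin";

        // Flagged pattern (CWE-117): the raw value is written, so the log gains a second line
        LOG.info("Login failed for user=" + username);

        // Neutralized: the same value stays on one line, with the line break shown as text
        LOG.info("Login failed for user=" + neutralize(username));
    }
}
```

This helper only handles line and control characters. If the logs are read in a browser-based viewer, the viewer must also HTML-encode entries when it displays them.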