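User-provided inputs must be sanitized before they are logged. An attacker can use unsanitized input to break a log's integrity, forge log entries, or bypass log monitors. For example, input that contains line-break characters can make a single request appear as several separate log entries.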
/**
 * Noncompliant example: handles the request and writes the raw {@code userId} request
 * parameter to the log without validating or encoding it first.
 */
@RequestMapping("/example.htm")
public ModelAndView loggingNonCompliant(HttpServletRequest request) {
    // The request parameter is client-controlled; nothing below validates or encodes it.
    final String userId = request.getParameter("userId");

    final ModelAndView result = new ModelAndView("success");
    result.addObject("userId", userId);
    // More logic here to populate the result.

    // Noncompliant: unsanitized input is logged. The {} placeholder only substitutes the
    // value; it does not neutralize line breaks or other control characters unless the
    // logging layout is configured to encode them.
    log.info("Successfully processed request for user ID: {}.", userId);
    return result;
}
/**
 * Compliant example: handles the request and logs the {@code userId} request parameter
 * only after it has been passed through {@code sanitize}.
 */
@RequestMapping("/example.htm")
public ModelAndView loggingCompliant(HttpServletRequest request) {
    // Sanitize once, at the point the value enters the handler, and use only the sanitized
    // copy from here on so the raw value cannot reach the log by accident.
    final String sanitizedUserId = sanitize(request.getParameter("userId"));

    final ModelAndView result = new ModelAndView("success");
    // NOTE(review): sanitize strips characters instead of rejecting the request, so the value
    // stored here can differ from what the client sent - confirm that is acceptable wherever
    // the ID is used for anything beyond logging.
    result.addObject("userId", sanitizedUserId);
    // More logic here to populate the result.

    // Compliant: input is sanitized before logging.
    log.info("Successfully processed request for user ID: {}.", sanitizedUserId);
    return result;
}
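/**
 * Reduces a user ID to its decimal digits so the result can be written to a log safely.
 *
 * <p>This is an allow-list: every character that is not an ASCII digit is dropped, which
 * includes carriage returns, line feeds and any other control characters. It fits only
 * identifiers that are purely numeric; other formats need their own allow-list.
 *
 * @param userId the raw value taken from the request; may be {@code null} when the
 *     parameter is absent
 * @return the digits of {@code userId} in their original order, or an empty string when
 *     {@code userId} is {@code null} or contains no digits
 */
private static String sanitize(String userId) {
    // HttpServletRequest.getParameter returns null for a missing parameter; without this
    // guard a request that omits userId would fail with a NullPointerException.
    if (userId == null) {
        return "";
    }
    // Remove all chars except digits.
    return userId.replaceAll("\\D", "");
}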