Skip to content

[Java] CodeQL query to detect Log Injection #3882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dellalibera wants to merge 6 commits into from
Closed

[Java] CodeQL query to detect Log Injection #3882

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
47579fd
Add CodeQL query to detect Log Injection in Java code
dellalibera Jul 2, 2020
aa0dc9b
Change message
dellalibera Jul 2, 2020
bde715b
Update java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.help
dellalibera Jul 3, 2020
e4a5154
Update java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.help
dellalibera Jul 3, 2020
5ddb15f
Update .qhelp
dellalibera Jul 3, 2020
e9c8434
Update example
dellalibera Jul 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.help 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
  • Loading branch information
@dellalibera @Marcono1234
dellalibera and Marcono1234 authored Jul 3, 2020
commit bde715bebfa9e5f311524750915f972d2e5baf33
4 changes: 2 additions & 2 deletions java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.help
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,11 @@ other forms of HTML injection.

<example>
<p>In the example, a username, provided by the user, is logged using `logger.warn` (from `org.slf4j.Logger`).
In the first case (`\bad` endpoint), the username is logged without any sanitization.
In the first case (`/bad` endpoint), the username is logged without any sanitization.
If a malicious user provides `Guest'%0AUser:'Admin` as a username parameter,
the log entry will be splitted in two different lines, where the first line will be `User:'Guest', while the second one will be `User:'Admin'`.
Comment thread
dellalibera marked this conversation as resolved.
Outdated
Copy link
Copy Markdown
Contributor

@Marcono1234 Marcono1234 Jul 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

splitted in two different lines

"two separate lines" might be more correct

Copy link
Copy Markdown
Contributor Author

@dellalibera dellalibera Jul 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I made the change.

</p>
<p> In the second case (`\good` endpoint), <code>replace</code> is used to ensure no line endings are present in the user input.
<p> In the second case (`/good` endpoint), <code>replace</code> is used to ensure no line endings are present in the user input.
If a malicious user provides `Guest'%0AUser:'Admin` as a username parameter,
the log entry will not be splitted in two different lines, resulting in a single line `User:'Guest'User:'Admin'`.
Copy link
Copy Markdown
Contributor

@Marcono1234 Marcono1234 Jul 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

two different lines

"two separate lines" might be more correct

Copy link
Copy Markdown
Contributor Author

@dellalibera dellalibera Jul 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I made the change.

</p>
Expand Down