Possible CLRF injection detected

Overview

Rule ID: java_lang_crlf_injection
Applicable Languages: Java
Weakness ID: CWE-93

Description

CRLF (Carriage Return Line Feed) injection vulnerability occurs when an attacker can insert line termination characters into a log message. This can result in forged log entries, compromising the integrity of log files.

Remediation Guidelines

Before logging user input data, it is essential to strip any carriage return and line feed characters. This practice prevents attackers from injecting malicious CRLF sequences into the log entries.
```
logger.info(userInput.replaceAll("[\r\n]+", ""));
```

References

OWASP CRLF Injection
OWASP Logging Cheat Sheet
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
OWASP Top 10: A03:2021 - Injection

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousPermissive Screenshot option set NextPossible expression language (EL) injection detected

Last updated 8 months ago