Possible CLRF injection detected

Overview

• Rule ID: java_lang_crlf_injection

• Applicable Languages: Java

• Weakness ID: CWE-93

Description

CRLF (Carriage Return Line Feed) injection vulnerability occurs when an attacker can insert line termination characters into a log message. This can result in forged log entries, compromising the integrity of log files.

Remediation Guidelines

• Before logging user input data, it is essential to strip any carriage return and line feed characters. This practice prevents attackers from injecting malicious CRLF sequences into the log entries.

  Copy

  logger.info(userInput.replaceAll("[\r\n]+", ""));

References

• OWASP CRLF Injection

• OWASP Logging Cheat Sheet

• CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

• OWASP Top 10: A03:2021 - Injection

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL