# Improper Output Neutralization for Logs (CWE-117)

The product does not neutralize or incorrectly neutralizes output that is written to logs.

**Stack:** Go

- Prevalence: Medium (3 languages covered)
- Impact: Medium (review recommended)
- Prevention: Documented (4 fix examples)

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

Log injection attacks occur when user input is written to log files without proper sanitization. This can allow attackers to forge log entries, inject malicious content, or exploit the tools that parse and analyze the logs.

## Prevention

Prevention strategies for log injection, based on 1 Shoulder detection rule.

### Go

Strip newlines and control characters from user input before logging.

## Warning Signs

- [MEDIUM] Unsanitized user input flowing into log statements, enabling log forging attacks

## Consequences

- Modify application data
- Hide activities
- Execute unauthorized code

## Mitigations

- Validate and sanitize all input before it is written to logs
- Use structured log formats that separate data from log syntax
- Encode special characters when user-controlled data is written to logs

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rule)

- **Log Injection / Log Forging** [MEDIUM]: Detects unsanitized user input flowing into log statements, enabling log forging attacks.
  - Remediation: Remove newlines and control characters from user input before logging.

```go
// Strip line breaks so a user-supplied value cannot start a forged log entry.
sanitized := strings.ReplaceAll(userInput, "\n", "")
sanitized = strings.ReplaceAll(sanitized, "\r", "")
log.Printf("User action: %s", sanitized)
```

Learn more: https://shoulder.dev/learn/go/cwe-117/log-injection
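The following Go program is an added example, not code from the Shoulder rule page. It generalizes the remediation above in two ways: `sanitizeForLog` drops every control character (tabs, ESC and other terminal escape introducers, not only `\n` and `\r`), and `logStructured` shows the structured-logging mitigation using the standard library `log/slog` JSON handler, which escapes a newline instead of emitting it. The function names and the sample input are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"log/slog"
	"strings"
	"unicode"
)

// sanitizeForLog removes every control character (line breaks, tabs, ESC,
// and the rest of the C0/C1 ranges) so a user-controlled value can neither
// start a new, forged log line nor smuggle terminal escape sequences into
// whoever views the log. All other characters are kept unchanged.
func sanitizeForLog(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1 // a negative result drops the rune
		}
		return r
	}, s)
}

// logStructured writes the same event through log/slog's JSON handler and
// returns the emitted record. The handler encodes the value as a JSON string,
// so a raw newline becomes the two characters \n and the record stays a
// single, machine-parseable line: data is separated from log syntax.
func logStructured(username string) string {
	var buf bytes.Buffer
	logger := slog.New(slog.NewJSONHandler(&buf, nil))
	logger.Info("login failed", "user", username)
	return buf.String()
}

func main() {
	// Constructed sample input: a "username" that embeds a fake log line.
	userInput := "alice\nINFO login succeeded user=admin"
	fmt.Printf("sanitized: %q\n", sanitizeForLog(userInput))
	fmt.Print("structured: ", logStructured(userInput))
}
```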