# Improper Output Neutralization for Logs (CWE-117)

The product does not neutralize or incorrectly neutralizes output that is written to logs.

**Stack:** Go

- Prevalence: Medium (3 languages covered)
- Impact: Medium (review recommended)
- Prevention: Documented (4 remediation examples)

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

Log injection attacks occur when user input is written to log files without proper sanitization. This can allow attackers to forge log entries, inject malicious content, or exploit log analysis tools.

## Prevention

Prevention strategies for Log Injection based on 1 detection rule from Shoulder.

### Go

Strip newlines and control characters from user input before logging.

## Warning Signs

- [MEDIUM] Unsanitized user input flowing into log statements, enabling log forging attacks

## Consequences

- Modify application data
- Hide activities
- Execute unauthorized code

## Mitigations

- Validate and sanitize all input before writing it to logs
- Use structured logging formats that separate the data from the log syntax
- Encode special characters when writing user-controlled data to logs

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rule)

- **Log Injection / Log Forging** [MEDIUM]: Detects unsanitized user input flowing into log statements, enabling log forging attacks.
  - Remediation: Remove newlines and control characters from user input before logging.

```go
// Remove the line-break characters that let a value start a forged entry.
sanitized := strings.ReplaceAll(userInput, "\n", "")
sanitized = strings.ReplaceAll(sanitized, "\r", "")
// Log the neutralized value; the format verb keeps it in the message slot.
log.Printf("User action: %s", sanitized)
```

Learn more: https://shoulder.dev/learn/go/cwe-117/log-injection
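The remediation above only strips `\n` and `\r`, while the Go prevention note and the mitigations list ask for all control characters to be removed and for structured formats that keep data separate from log syntax. The following is an added example (not Shoulder's code or the page's own snippet) that generalizes both points: `sanitizeForLog` drops every control character with `unicode.IsControl`, and `structuredLine` shows the structured alternative by JSON-encoding the entry so line breaks in user data are escaped rather than written raw. The function names, the `logEntry` type and the sample input are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"strings"
	"unicode"
)

// sanitizeForLog removes CR, LF and every other C0/C1 control character
// (tabs, ESC used by terminal escape sequences, DEL, ...) so a value can
// neither start a new log line nor alter terminal rendering. Printable runes,
// including non-ASCII text, pass through unchanged. (Hypothetical helper.)
func sanitizeForLog(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1 // returning -1 drops the rune from the output
		}
		return r
	}, s)
}

// logEntry is a structured record (assumed shape for this example). Encoding
// it as JSON keeps user data inside a quoted string, where a newline becomes
// the two characters `\n` instead of a real line break.
type logEntry struct {
	Event string `json:"event"`
	User  string `json:"user"`
}

// structuredLine renders one JSON log line for the given event and user value.
func structuredLine(event, user string) (string, error) {
	b, err := json.Marshal(logEntry{Event: event, User: user})
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	// Constructed sample input: a username that carries an embedded CRLF
	// followed by text shaped like a second log entry.
	userInput := "alice\r\nlogin succeeded for admin"

	// Unsafe: printed as-is, the CRLF splits this into two log lines.
	fmt.Printf("unsafe:     %q\n", "User action: "+userInput)

	// Hardened plain-text logging: control characters removed first.
	log.Printf("User action: %s", sanitizeForLog(userInput))

	// Hardened structured logging: data stays inside a JSON string field.
	line, err := structuredLine("login", userInput)
	if err != nil {
		log.Fatalf("encode log entry: %v", err)
	}
	fmt.Println("structured:", line)
}
```

`unicode.IsControl` covers only the Latin-1 control ranges; if the log sink or its viewer treats Unicode line separators such as U+2028 as line breaks, extend the `strings.Map` predicate accordingly. The structured form is preferable where the log pipeline parses JSON, because the encoder handles escaping uniformly instead of relying on a hand-maintained character list.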