# Improper Output Neutralization for Logs (CWE-117) The product does not neutralize or incorrectly neutralizes output that is written to logs. **Stack:** JavaScript - Prevalence: Media 3 lenguajes cubiertos - Impact: Medio Se recomienda revisión - Prevention: Documentada 4 ejemplos de corrección **OWASP:** Injection (A03:2021-Injection) - #3 ## Description Log injection attacks occur when user input is written to log files without proper sanitization. This can allow attackers to forge log entries, inject malicious content, or exploit log analysis tools. ## Prevention Estrategias de prevención para Log Injection basadas en 2 reglas de detección de Shoulder. ### JavaScript Strip newline characters from user input before writing to log files Sanitize user input by stripping CRLF characters before writing to logs ## Warning Signs - [LOW] user input flowing to persistent log files without sanitization ## Consequences - Modificar datos de la aplicación - Ocultar actividades - Ejecutar código no autorizado ## Mitigations - Valida y sanea toda la entrada antes de escribirla en logs - Usa formatos de logging estructurados que separen los datos de la sintaxis del log - Codifica caracteres especiales al escribir datos controlados por el usuario en logs ## Detection - Total rules: 4 - Languages: go, javascript, typescript, python ## Rules by Language ### Javascript (2 rules) - **Log Injection** [LOW]: Detects user input flowing to persistent log files without sanitization. - Remediation: Sanitize user input by removing newline characters before logging. ```javascript const safe = userInput.replace(/[\r\n]/g, ''); logger.info(safe); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-117/log-injection - **Log Injection** [MEDIUM]: Detects user input flowing to persistent log files without sanitization. - Remediation: Sanitize user input before logging to prevent log forgery: ```javascript const sanitize = (str) => str.replace(/[\r\n]/g, '').substring(0, 200); logger.info('Login attempt', { username: sanitize(req.body.username) }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-117/log-injection ### Typescript (1 rules) - **Log Injection** [MEDIUM]: Detects user input flowing to persistent log files without sanitization. - Remediation: Sanitize user input before logging to prevent log forgery: ```javascript const sanitize = (str) => str.replace(/[\r\n]/g, '').substring(0, 200); logger.info('Login attempt', { username: sanitize(req.body.username) }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-117/log-injection