# Improper Output Neutralization for Logs (CWE-117)

The product does not neutralize or incorrectly neutralizes output that is written to logs.

**Stack:** Go

- Prevalence: 보통 3개 언어 지원
- Impact: 보통 검토 권장
- Prevention: 문서화됨 4개의 수정 예시

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

Log injection attacks occur when user input is written to log files without proper sanitization. This can allow attackers to forge log entries, inject malicious content, or exploit log analysis tools.

## Prevention

1개의 Shoulder 탐지 규칙을 기반으로 한 Log Injection 예방 전략.

### Go

Strip newlines and control characters from user input before logging

## Warning Signs

- [MEDIUM] unsanitized user input flowing into log statements, enabling log forging attacks

## Consequences

- 애플리케이션 데이터 수정
- 활동 은폐
- 승인되지 않은 코드 실행

## Mitigations

- 로그에 기록하기 전에 모든 입력을 검증하고 정제하세요
- 데이터와 로그 구문을 분리하는 구조화된 로그 포맷을 사용하세요
- 사용자가 제어할 수 있는 데이터를 로그에 기록할 때 특수 문자를 인코딩하세요

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **Log Injection / Log Forging** [MEDIUM]: Detects unsanitized user input flowing into log statements, enabling log forging attacks.
  - Remediation: Remove newlines and control characters from user input before logging.

```go
sanitized := strings.ReplaceAll(userInput, "\n", "")
sanitized = strings.ReplaceAll(sanitized, "\r", "")
log.Printf("User action: %s", sanitized)
```

Learn more: https://shoulder.dev/learn/go/cwe-117/log-injection