# Improper Output Neutralization for Logs (CWE-117)

The product does not neutralize, or incorrectly neutralizes, output that is written to logs.

**Stack:** Go

- Prevalence: Medium (3 languages covered)
- Impact: Medium (review recommended)
- Prevention: Documented (4 remediation examples)

**OWASP:** Injection (A03:2021-Injection), #3

## Description

Log injection occurs when user input is written to log files without proper sanitization. Because most log formats are line-oriented, an attacker who can put a newline into a logged value can forge whole log entries, hide their activity behind fake records, inject terminal escape sequences or markup aimed at whoever views the log, or trigger bugs in log analysis tools that parse the poisoned lines.

## Prevention

Prevention strategies for Log Injection based on Shoulder's detection rules (1 rule for Go).

### Go

Strip newlines and control characters from user input before logging.

## Warning Signs

- [MEDIUM] Unsanitized user input flowing into log statements, enabling log forging attacks.

## Consequences

- Modify application data
- Hide activities
- Execute unauthorized code

## Mitigations

- Validate and sanitize all input before writing it to logs.
- Use structured log formats that separate data from log syntax.
- Encode special characters when writing user-controlled data to logs.

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rule)

- **Log Injection / Log Forging** [MEDIUM]: Detects unsanitized user input flowing into log statements, enabling log forging attacks.
  - Remediation: Remove newlines and control characters from user input before logging.

```go
// Assumes the "strings" and "log" standard-library packages are imported.
sanitized := strings.ReplaceAll(userInput, "\n", "")
sanitized = strings.ReplaceAll(sanitized, "\r", "")
log.Printf("User action: %s", sanitized)
```

Note that this snippet removes only `\n` and `\r`; other control characters (for example ESC, which starts ANSI terminal escape sequences) pass through unchanged, and silently deleting bytes also destroys evidence of the injection attempt. A stricter sanitizer escapes every control character instead of dropping it.

Learn more: https://shoulder.dev/learn/go/cwe-117/log-injection
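The following is an added example, not code from the page or from Shoulder. It shows the log-forging attack the Go rule flags and two fixes the Mitigations list calls for: escaping every control character (not just `\n` and `\r`) so the original bytes stay visible for forensics, and emitting a structured JSON record whose encoder escapes control characters for you. The usernames, actions and the `forged` input are constructed sample data; `sanitizeLogValue`, `formatVulnerable`, `formatHardened`, `formatJSON` and `countRecords` are names chosen for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"unicode"
)

// sanitizeLogValue neutralizes user-controlled text before it is placed in a
// line-oriented log. Newlines, tabs, ESC and every other control character are
// replaced with their escaped spelling (e.g. a real "\n" becomes the two bytes
// `\n`), so the value can no longer start a new record or drive the terminal,
// yet the attempt remains visible to whoever reads the log.
func sanitizeLogValue(s string) string {
	var b strings.Builder
	b.Grow(len(s))
	for _, r := range s {
		switch {
		case r == '\n':
			b.WriteString(`\n`)
		case r == '\r':
			b.WriteString(`\r`)
		case r == '\t':
			b.WriteString(`\t`)
		case r == 0x1b: // ESC: start of ANSI terminal escape sequences
			b.WriteString(`\x1b`)
		case r == 0x2028 || r == 0x2029: // Unicode line/paragraph separators
			b.WriteString(fmt.Sprintf(`\u%04x`, r))
		case unicode.IsControl(r): // remaining C0/C1 control characters
			b.WriteString(fmt.Sprintf(`\x%02x`, r))
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// formatVulnerable mirrors the pattern the Go rule flags: user input is
// interpolated straight into the log line.
func formatVulnerable(user, action string) string {
	return fmt.Sprintf("user=%s action=%s", user, action)
}

// formatHardened neutralizes every user-controlled field first.
func formatHardened(user, action string) string {
	return fmt.Sprintf("user=%s action=%s", sanitizeLogValue(user), sanitizeLogValue(action))
}

// formatJSON is the structured-logging alternative: encoding/json escapes
// control characters, so one record can never span more than one line.
func formatJSON(user, action string) (string, error) {
	rec := map[string]string{"user": user, "action": action}
	b, err := json.Marshal(rec)
	return string(b), err
}

// countRecords returns how many records a line-oriented log consumer would
// see in the text: one per non-empty line.
func countRecords(logText string) int {
	n := 0
	for _, line := range strings.Split(logText, "\n") {
		if strings.TrimSpace(line) != "" {
			n++
		}
	}
	return n
}

func main() {
	// Constructed attacker-controlled username: after a genuine failed login
	// for "bob", a newline starts a forged "admin login-ok" record.
	forged := "bob\nuser=admin action=login-ok"

	fmt.Println("vulnerable (2 records):\n" + formatVulnerable(forged, "login-failed"))
	fmt.Println("hardened (1 record):\n" + formatHardened(forged, "login-failed"))
	if j, err := formatJSON(forged, "login-failed"); err == nil {
		fmt.Println("json (1 record):\n" + j)
	}
}
```

Run it and compare the three outputs: the vulnerable line splits into two plausible records, while the hardened and JSON forms each stay on one line with the injected newline still visible as `\n`.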