# Improper Output Neutralization for Logs (CWE-117)

The product does not neutralize or incorrectly neutralizes output that is written to logs.

**Stack:** Go

- Prevalence: Medium 3 languages covered
- Impact: Medium Review recommended
- Prevention: Documented 4 fix examples

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

Log injection attacks occur when user input is written to log files without proper sanitization. This can allow attackers to forge log entries, inject malicious content, or exploit log analysis tools.

## Prevention

Prevention strategies for Log Injection based on 1 Shoulder detection rules.

### Go

Strip newlines and control characters from user input before logging

## Warning Signs

- [MEDIUM] unsanitized user input flowing into log statements, enabling log forging attacks

## Consequences

- Modify Application Data
- Hide Activities
- Execute Unauthorized Code

## Mitigations

- Validate and sanitize all input before writing to logs
- Use structured logging formats that separate data from log syntax
- Encode special characters when writing user-controlled data to logs

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **Log Injection / Log Forging** [MEDIUM]: Detects unsanitized user input flowing into log statements, enabling log forging attacks.
  - Remediation: Remove newlines and control characters from user input before logging.

```go
sanitized := strings.ReplaceAll(userInput, "\n", "")
sanitized = strings.ReplaceAll(sanitized, "\r", "")
log.Printf("User action: %s", sanitized)
```

Learn more: https://shoulder.dev/learn/go/cwe-117/log-injection