Log Injection
Need
Prevent compromising log integrity or system safety by log injection
Context
- Usage of Elixir (v1.10+) for building scalable and fault-tolerant applications
- Usage of Plug for request handling
- Usage of Phoenix framework for building web applications
- Usage of Logger for standard logging
Description
Non compliant code
def handle_post(%{params: %{"user_input" => input}} = conn, _opts) do
Logger.info("User input: #{input}")
# further code
end
This code is vulnerable because it directly logs user-provided input without sanitizing it. An attacker could inject malicious content into the logs via this input, potentially compromising the integrity of the logs or even the system of the person viewing the logs.
Steps
- Sanitize user inputs before storing them in the log. This can be achieved by encoding special characters or stripping control characters.
- Avoid using user-provided input directly in logs where possible.
- Consider the use of structured logging, which can make injection attacks harder.
Compliant code
def handle_post(%{params: %{"user_input" => input}} = conn, _opts) do
sanitized_input = sanitize_input(input)
Logger.info("User input: #{sanitized_input}")
# further code
end
def sanitize_input(input) do
# Sanitization logic, e.g., escaping special characters
end
The secure code example sanitizes the user input before logging it, helping prevent log injection attacks. The sanitize_input function would contain the appropriate logic for sanitizing the input, such as stripping control characters or escaping special characters.