Untrusted user input is logged without sanitization

Documentos > Datadog Security > Code Security > Static Code Analysis (SAST) > Reglas de SAST > Untrusted user input is logged without sanitization

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Metadata

ID: swift-security/log-injection

Language: Unknown

Severity: Warning

Category: Security

CWE: 117

Description

The application logs data that appears to originate from an untrusted source, such as a user-editable text field or a web view, without proper neutralization. This can lead to a log injection vulnerability.

An attacker could insert fake log entries, corrupt the log format, or inject malicious content (e.g., stored XSS payloads) that could be executed by a log viewing application. This manipulation can be used to cover tracks, mislead administrators, or attack other systems that consume the logs.

To mitigate this vulnerability, all untrusted input should be validated and sanitized before being written to logs. Specifically, newline characters (\r, \n) and other control characters should be removed or escaped to prevent log entry forgery.

Non-Compliant Code Examples

import UIKit
import WebKit
import os.log

class UserProfileViewController: UIViewController, WKNavigationDelegate {

    var nicknameField: UITextField!
    var webView: WKWebView!

    func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        if let url = navigationAction.request.url {
            // --- VULNERABLE ---
            // The 'query' part of a URL can contain malicious input.
            print("Processing navigation action with query: \(url.query ?? "none")")
        }
        decisionHandler(.allow)
    }
}

Compliant Code Examples

import UIKit
import WebKit
import os.log

class UserProfileViewController: UIViewController, WKNavigationDelegate {

    var nicknameField: UITextField!
    var webView: WKWebView!

    // A helper function to sanitize strings before logging.
    // It removes characters that could be used to forge log entries.
    private func sanitizeForLogging(_ input: String) -> String {
        return input.replacingOccurrences(of: "\r", with: "")
                    .replacingOccurrences(of: "\n", with: "")
    }

    func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        if let url = navigationAction.request.url, let query = url.query {
             // --- FIXED ---
            // The query string is sanitized before being logged.
            let sanitizedQuery = sanitizeForLogging(query)
            print("Processing navigation action with sanitized query: \(sanitizedQuery)")
        }
        decisionHandler(.allow)
    }
}