Untrusted user input is logged without sanitization

문서 > Datadog 보안 > Code Security > Static Code Analysis (SAST) > SAST 규칙 > Untrusted user input is logged without sanitization

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: swift-security/log-injection

Language: Swift

Severity: Warning

Category: Security

CWE: 117

Description

The application logs data that appears to originate from an untrusted source, such as a user-editable text field or a web view, without proper neutralization. This can lead to a log injection vulnerability.

An attacker could insert fake log entries, corrupt the log format, or inject malicious content (e.g., stored XSS payloads) that could be executed by a log viewing application. This manipulation can be used to cover tracks, mislead administrators, or attack other systems that consume the logs.

To mitigate this vulnerability, all untrusted input should be validated and sanitized before being written to logs. Specifically, newline characters (\r, \n) and other control characters should be removed or escaped to prevent log entry forgery.

Non-Compliant Code Examples

import UIKit
import WebKit
import os.log

class UserProfileViewController: UIViewController, WKNavigationDelegate {

    var nicknameField: UITextField!
    var webView: WKWebView!

    func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        if let url = navigationAction.request.url {
            // --- VULNERABLE ---
            // The 'query' part of a URL can contain malicious input.
            print("Processing navigation action with query: \(url.query ?? "none")")
        }
        decisionHandler(.allow)
    }
}

Compliant Code Examples

import UIKit
import WebKit
import os.log

class UserProfileViewController: UIViewController, WKNavigationDelegate {

    var nicknameField: UITextField!
    var webView: WKWebView!

    // A helper function to sanitize strings before logging.
    // It removes characters that could be used to forge log entries.
    private func sanitizeForLogging(_ input: String) -> String {
        return input.replacingOccurrences(of: "\r", with: "")
                    .replacingOccurrences(of: "\n", with: "")
    }

    func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        if let url = navigationAction.request.url, let query = url.query {
             // --- FIXED ---
            // The query string is sanitized before being logged.
            let sanitizedQuery = sanitizeForLogging(query)
            print("Processing navigation action with sanitized query: \(sanitizedQuery)")
        }
        decisionHandler(.allow)
    }
}