Closed Ajay-Dhangar closed 3 weeks ago
Hi @Ajay-Dhangar! Thanks for opening this issue. We appreciate your contribution to this open-source project. Your input is valuable and we aim to respond or assign your issue as soon as possible. Thanks again!
Hello @Ajay-Dhangar! Your issue #3270 has been closed. Thank you for your contribution!
DESCRIPTION
Logs serve as important records that are used by monitoring services and developers to investigate incidents. Logging unsanitized user input to the server allows the user to forge custom server logs.
In some more serious scenarios, it opens the application up to attacks like spoofing. The attacker may insert a line break in the request object, and make the second line of their log look like a log from a different user or an info message displayed by the server.
BAD PRACTICE
RECOMMENDED
Sanitize user queries before logging them to the console.
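
The forged-entry scenario described in this issue, shown as an added JavaScript example that is not part of the original issue or the project's code. The function names, the log line format and the sample query are constructed for illustration.

```javascript
// Constructed sample input: a search query that carries a CRLF followed by
// text shaped like a second log entry.
const forgedQuery = 'shoes\r\n2024-01-01T00:00:00Z INFO user=admin login ok';

// Bad practice: the raw value is interpolated into the log line, so the
// embedded line break starts what looks like an independent entry.
function unsafeLogLine(ts, query) {
  return `${ts} INFO search query=${query}`;
}

// Escape every character that can break or disguise a log line:
// C0 controls (CR, LF, TAB, ESC, ...), DEL, C1 controls, and the Unicode
// line/paragraph separators. Backslash and double quote are escaped too,
// so escaped output cannot be confused with literal input and the quoted
// value keeps unambiguous boundaries.
function sanitizeForLog(value) {
  const named = { '\\': '\\\\', '"': '\\"', '\n': '\\n', '\r': '\\r', '\t': '\\t' };
  return String(value).replace(
    /[\\"\u0000-\u001f\u007f-\u009f\u2028\u2029]/g,
    (ch) => named[ch] || '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Recommended: sanitize, then quote the value before it reaches the log.
function safeLogLine(ts, query) {
  return `${ts} INFO search query="${sanitizeForLog(query)}"`;
}

// Number of physical lines a log reader would see for one logged event.
function countLines(line) {
  return line.split(/\r\n|\r|\n/).length;
}

const ts = '2024-01-01T00:00:00Z';
console.log(unsafeLogLine(ts, forgedQuery)); // renders as two entries
console.log(safeLogLine(ts, forgedQuery));   // stays on one line
```

The escaped form keeps the original bytes recoverable for investigation, which silently stripping the line breaks would not.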