opengeospatial / teamengine

TEAM Engine (Test, Evaluation, And Measurement Engine) is an engine for testing web services and other resources, written in Java. It executes test scripts written in Compliance Test Language (CTL), TestNG and other languages. It is lightweight and easy to run from the command line or to set up as a service. It can be used to test any type of service or encoding. It is also the official tool used by the Open Geospatial Consortium (OGC) for compliance testing.
Apache License 2.0

Fortify Issue: Log Forging #307

Open cmheazel opened 6 years ago

cmheazel commented 6 years ago

Log forging is a vulnerability where a user can write unvalidated content to the log. This is a specific instance of the larger issue of user input validation. Fixes to this issue may also address other issues such as Path Manipulation.

dstenger commented 2 years ago

@bpross-52n Can you please check if this issue is solved by https://github.com/opengeospatial/teamengine/pull/515?

bpross-52n commented 2 years ago

Even though the branch for #515 has this issue number in it, the pull request only fortifies against path manipulation. So log forging is not prevented by #515.
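
The log forging described in the first comment, with one way to close it centrally, as an added example that is not part of the thread and is not TEAM Engine code. It assumes `java.util.logging`; the class names `LogForgingExample` and `NeutralizingFormatter`, the `neutralize` helper and the sample input are hypothetical.

```java
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.SimpleFormatter;

public class LogForgingExample {

    // Make CR, LF and every other control or line-separator character visible
    // so a single logged value can never begin a new log line.
    static String neutralize(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean lineBreak = c == 0x2028 || c == 0x2029;
            if (Character.isISOControl(c) || lineBreak) {
                out.append(String.format("<U+%04X>", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Central fix: neutralize the fully formatted message, which covers both
    // string concatenation and {0}-style parameters at every call site.
    static class NeutralizingFormatter extends SimpleFormatter {
        @Override
        public String formatMessage(LogRecord record) {
            return neutralize(super.formatMessage(record));
        }
    }

    public static void main(String[] args) {
        // Constructed input: a request parameter carrying CR/LF and a fake entry.
        String suite = "wfs20\r\nINFO: constructed second entry";
        LogRecord record = new LogRecord(Level.INFO, "Test suite requested: {0}");
        record.setParameters(new Object[] { suite });

        // The default formatter lets the value start a line of its own.
        System.out.print("default:     " + new SimpleFormatter().format(record));
        // The neutralizing formatter keeps the whole message on one line.
        System.out.print("neutralized: " + new NeutralizingFormatter().format(record));
    }
}
```

Stack traces attached to a record are appended by `SimpleFormatter` outside `formatMessage`, so their line breaks are left intact.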