Prevent compromising log integrity or system safety by log injection

    def handle_post(%{params: %{"user_input" => input}} = conn, _opts) do
      Logger.info("User input: #{input}")
      # further code
    end

This code is vulnerable because it directly logs user-provided input without sanitizing it. An attacker could inject malicious content into the logs via this input, potentially compromising the integrity of the logs or even the system of the person viewing the logs.

    def handle_post(%{params: %{"user_input" => input}} = conn, _opts) do
      sanitized_input = sanitize_input(input)
      Logger.info("User input: #{sanitized_input}")
      # further code
    end

    def sanitize_input(input) do
      # Sanitization logic, e.g., escaping special characters
    end

The secure code example sanitizes the user input before logging it, helping prevent log injection attacks. The sanitize_input function would contain the appropriate logic for sanitizing the input, such as stripping control characters or escaping special characters.
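
One possible body for the sanitize_input placeholder, as an added example rather than code from the original page. The module name LogSanitizer, the 200-character cap and the \x{..} escape format are assumptions, and the sample value is constructed.

```elixir
defmodule LogSanitizer do
  # Assumed cap on how much of a value is logged (not from the page).
  @max_len 200

  def sanitize_input(input) when is_binary(input) do
    if String.valid?(input) do
      input
      |> String.slice(0, @max_len)
      # Escape the backslash first so the escapes added below stay unambiguous.
      |> String.replace("\\", "\\\\")
      |> escape_controls()
    else
      # Invalid UTF-8: inspect/2 renders the raw bytes as <<...>>.
      inspect(input, limit: @max_len)
    end
  end

  # Params can also arrive as maps or lists (e.g. user_input[a]=b),
  # so render them with inspect/2 and sanitize the resulting string.
  def sanitize_input(input), do: input |> inspect(limit: 20) |> sanitize_input()

  # Replace C0/C1 control characters (CR, LF, ESC, NEL, ...) and the Unicode
  # line/paragraph separators with a visible escape such as \x{A}, so one
  # request always produces exactly one log line.
  defp escape_controls(str) do
    Regex.replace(~r/[\p{Cc}\x{2028}\x{2029}]/u, str, fn <<cp::utf8>> ->
      "\\x{" <> Integer.to_string(cp, 16) <> "}"
    end)
  end
end

# Constructed sample: a value containing a line break followed by text shaped
# like a log entry, and a terminal escape sequence.
sample = "alice\n12:00:00.000 [info] second entry\e[2J"

# In the handler this string would be passed to Logger.info/1.
IO.puts("User input: " <> LogSanitizer.sanitize_input(sample))

# Non-string and non-UTF-8 values are rendered safely as well.
IO.puts("User input: " <> LogSanitizer.sanitize_input(%{"a" => "b\r\n"}))
IO.puts("User input: " <> LogSanitizer.sanitize_input(<<255, 10, 13>>))
```

Escaping keeps the original bytes recoverable for an investigator, whereas stripping would hide that a control character was ever submitted.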