Change this code to not log user-controlled data.
New Participant
May 5, 2023
Solved


On logs as mentioned below, SonarQube throws an issue stating 'Change this code to not log user-controlled data.'

LOGGER.error("Unable to adapt resource at path {} to a Page object", rootPagePath);

Why is this an issue?

MayurSatav
Accepted solution
New Participant
May 5, 2023

Hi @goyalkritika,

Logging user-controlled data is considered a security vulnerability. Attackers can manipulate user-controlled data to inject malicious code or exploit application vulnerabilities. In this case, the rootPagePath parameter is logged with the error message. If an attacker is able to control the value of rootPagePath, they can use it to inject their own code or perform other attacks on the application. This problem can be fixed by removing user-controlled data logging from the code.
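
An added example, not part of the original thread: where the path still has to appear in the log, one common alternative to dropping it is to neutralize line breaks and other control characters first, so a single value cannot be read as several log entries. The class name, the forLog helper, the 200-character cap and the sample path are assumptions, and java.util.logging stands in for the LOGGER used in the question so the code runs without dependencies.

```java
import java.util.logging.Logger;

public class LogSanitizerExample {
    private static final Logger LOGGER =
            Logger.getLogger(LogSanitizerExample.class.getName());

    // Assumed cap so one oversized value cannot flood the log.
    private static final int MAX_LEN = 200;

    /** Hypothetical helper: returns a single-line, printable form of a value for logging. */
    static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder();
        int limit = Math.min(value.length(), MAX_LEN);
        for (int i = 0; i < limit; i++) {
            char c = value.charAt(i);
            if (c == '\r') {
                sb.append("\\r");                 // show the carriage return instead of emitting it
            } else if (c == '\n') {
                sb.append("\\n");                 // show the line feed instead of emitting it
            } else if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                sb.append(String.format("\\u%04x", (int) c)); // other control or separator chars
            } else {
                sb.append(c);
            }
        }
        if (value.length() > MAX_LEN) {
            sb.append("...[truncated]");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a request-supplied path that carries a line break
        // followed by text shaped like a separate log entry.
        String rootPagePath =
                "/content/site/en\r\n2023-05-05 10:00:00 INFO Login succeeded for admin";

        // Logged raw, this value would span two lines in the log file.
        // Passed through forLog, it stays on one line with the break made visible.
        LOGGER.severe("Unable to adapt resource at path "
                + forLog(rootPagePath) + " to a Page object");
    }
}
```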