diff options
author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2020-04-21 11:24:14 +0200 |
---|---|---|
committer | Zebek Bogumil <bogumil.zebek@nokia.com> | 2020-04-21 11:24:14 +0200 |
commit | 7fc63309a08cfee169c4643b108aa2a8f41d692b (patch) | |
tree | ba5fb35bdde2088c60547fc878cfaafb339139a5 /netconfsimulator/src | |
parent | 833b1a0f2f768efe73be794d0685a766609970fd (diff) |
Fix security vulnerable
User provided data, such as URL parameters, POST data payloads or cookies, should always be considered untrusted and tainted. Applications logging tainted data could enable an attacker to inject characters that would break the log file pattern. This could be used to block monitors and SIEM (Security Information and Event Management) systems from detecting other malicious events.
This problem could be mitigated by sanitizing the user provided data before logging it.
Issue-ID: INT-1517
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Change-Id: Ifc4cd24daba49c3fe2e41a5709a87d5cf3daa642
Diffstat (limited to 'netconfsimulator/src')
0 files changed, 0 insertions, 0 deletions