blaze icon indicating copy to clipboard operation
blaze copied to clipboard

Published 20 hours ago verified publisher icon samply

Don't Log Request URI and Query Params Directly

Open alexanderkiel opened this issue 3 years ago • 0 comments

One tale of the the CVE-2021-44228 vulnerability is to not log user controlled data directly. Instead we should only already validated data. The relevant OWASP entry is Log Injection. The namespace we use for logging is blaze.rest-api.middleware.log.

alexanderkiel avatar Dec 15 '21 18:12 alexanderkiel