How to fix Veracode CWE 117 (Improper Output Neutralization for Logs)

后端未结

关注

 5  1659

遥遥无期 2021-02-02 01:21

There is an Spring global @ExceptionHandler(Exception.class) method which logs exception like that:

@ExceptionHandler(Exception.class)
void handleEx


      
      
        
          5条回答        

        
                    
            
            
                         
                
              
              
                
                   忘掉有多难
                                             
                
                
                (楼主)
            
              
              
                2021-02-02 01:35
              

            
            
                        
If you are using Logback use the replace function in your logback config pattern

original pattern 

%d %level %logger : %msg%n


with replace

%d %level %logger : %replace(%msg){'[\r\n]', '_'} %n


if you want to strip 

                                 
              

            

                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复