log-injection-anti-pattern
Log Injection Anti-Pattern
Severity: Medium
Summary
Log injection occurs when an attacker gets newline (\n) or carriage-return (\r) characters into a log file through unsanitized user input. Because most log consumers treat each line as one record, the injected line breaks let the attacker create fake log entries that hide malicious activity, mislead administrators, and confuse log analysis tools.
The Anti-Pattern
Never log unsanitized user input. An attacker who can place newline characters in a logged value can forge entire log entries.
BAD Code Example
# VULNERABLE: User input logged directly without sanitization
import logging
logging.basicConfig(filename='app.log', level=logging.INFO, format='%(asctime)s - %(message)s')

# Illustrative call site: the value comes straight from the user and is never checked for control characters,
# so a username containing "\n" ends the real record and starts a forged-looking one on the next line.
username = input("username: ")
logging.info(f"Login attempt for user: {username}")
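The hardened counterpart, as an added example that is not part of the original skill page: a sanitizer that turns CR/LF and other control characters into visible escape sequences, and a logging.Formatter that applies it to every rendered message so no call site can forget. The forged username, the logger names and the `render_login_line` helper are constructed for this demonstration and assume the log consumer expects one record per line and accepts a literal `\n` in the text.

```python
"""Added example (not the original page's code): neutralising CR/LF in
user-controlled values before they reach a log line."""
import io
import logging
import re

# Any C0 control character or DEL.  CR and LF are the log-injection
# vector; the rest can confuse terminals and log parsers, so they are
# escaped too.  Assumption: the log consumer wants single-line records.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_NAMED = {"\n": "\\n", "\r": "\\r", "\t": "\\t"}


def sanitize_for_log(value) -> str:
    """Return `value` as a single-line string safe to embed in a log record."""
    def escape(match: re.Match) -> str:
        ch = match.group(0)
        return _NAMED.get(ch, "\\x%02x" % ord(ch))
    return _CONTROL.sub(escape, str(value))


class SanitizingFormatter(logging.Formatter):
    """Formatter that escapes control characters in the rendered message.

    Formatter.format() sets record.message before calling formatMessage(),
    so rewriting it here covers every call site, including ones that
    interpolate user input directly into the message string."""

    def formatMessage(self, record: logging.LogRecord) -> str:
        record.message = sanitize_for_log(record.message)
        return super().formatMessage(record)


# Constructed attacker-controlled value: the embedded newline is meant to
# make the second half look like a separate, successful login record.
FORGED_USERNAME = "alice\nINFO - login attempt for admin succeeded"


def render_login_line(username: str, sanitized: bool) -> str:
    """Log one login attempt into a string buffer and return the raw text.

    Hypothetical helper for the demo: the same call site is rendered with a
    plain Formatter (vulnerable) or the SanitizingFormatter (hardened) so
    the outputs can be compared line for line."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    fmt = "%(levelname)s - %(message)s"
    handler.setFormatter(SanitizingFormatter(fmt) if sanitized else logging.Formatter(fmt))
    logger = logging.getLogger("demo.safe" if sanitized else "demo.raw")
    logger.handlers.clear()          # keep the demo idempotent across calls
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.propagate = False         # do not leak into the root logger
    logger.info("login attempt for %s", username)
    handler.flush()
    return buf.getvalue()


if __name__ == "__main__":
    print("raw:\n" + render_login_line(FORGED_USERNAME, sanitized=False))
    print("sanitized:\n" + render_login_line(FORGED_USERNAME, sanitized=True))
```

With the plain Formatter the single `logger.info` call produces two lines, the second of which reads like a genuine record; with `SanitizingFormatter` the same call produces one line in which the injected break is visible as the two characters `\n`, so the forged entry never exists as a separate record. Structured (JSON) logging is the other common fix, since the serializer escapes control characters for you.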