check-logging-failures
SKILL.md
Security Logging & Monitoring Failures (A09:2021)
Analyze PHP code for logging and monitoring security issues.
Detection Patterns
1. Log Injection
```php
// CRITICAL: User input directly in log message
$this->logger->info("User logged in: " . $request->get('username'));
// Attacker input: "admin\n[CRITICAL] System breached"
// Creates fake log entries!

// CRITICAL: Multiline injection
$this->logger->info("Search query: " . $_GET['q']);
// Input: "test\n2025-01-01 [ERROR] Payment failed for user=admin token=abc123"
```
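
Added example, not part of the original skill file: the attacker inputs quoted above are logged through a hypothetical `formatLogLine` helper that keeps the message a constant template and JSON-encodes user-controlled values as context, so each record stays on one physical line. The helper name and the line format are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: formatLogLine() is a hypothetical helper, not from the page.

/**
 * Render one log record as a single line. $message must be a constant
 * template; user-controlled values travel only in $context, which is
 * JSON-encoded so CR, LF and other C0 control characters become escapes.
 */
function formatLogLine(string $level, string $message, array $context = []): string
{
    // Invalid UTF-8 is substituted instead of making the encode fail.
    $flags = JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
    $encoded = json_encode($context, $flags);
    if ($encoded === false) {
        // Never drop the record; note that the context was unusable.
        $encoded = '{"context_error":"unencodable"}';
    }
    return sprintf('%s [%s] %s %s', gmdate('Y-m-d\TH:i:s\Z'), $level, $message, $encoded);
}

// Constructed inputs: the first two are the attacker strings quoted above,
// the third adds CRLF and a raw terminal escape byte.
$samples = [
    ['User logged in', ['username' => "admin\n[CRITICAL] System breached"]],
    ['Search query', ['q' => "test\n2025-01-01 [ERROR] Payment failed for user=admin token=abc123"]],
    ['Search query', ['q' => "crlf\r\nand a raw \x1b[31m escape"]],
];

foreach ($samples as [$message, $context]) {
    $line = formatLogLine('INFO', $message, $context);
    // A forged entry needs a physical line break; none may survive encoding.
    if (preg_match('/[\x00-\x1f]/', $line) === 1) {
        throw new RuntimeException('control character reached the log line');
    }
    echo $line, PHP_EOL;
}
```

With a PSR-3 logger the same separation is a constant message string plus a context array, and it only holds if the configured formatter escapes context values when writing the line.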