Missing output neutralization for logs

Description

Logging unsanitized external input directly can introduce log injection vulnerabilities. This occurs when external data is logged without being cleaned, potentially allowing attackers to insert malicious content into your logs.

Remediations

  • Do not log unsanitized external input directly. This practice can make your application vulnerable to log injection attacks.
  • Do use Printf-style methods with the %q verb when logging external input. %q writes the value as a Go-quoted string, so newlines and other control characters are emitted as escape sequences and cannot start a forged log record.
    dangerousInput := os.Args[0]
    logger.Printf("Args: %q", dangerousInput)
  • Do manually escape external strings before logging them. This approach allows you to sanitize input by escaping potentially dangerous characters.
    dangerousInput := os.Args[0]
    sanitizedInput := strconv.Quote(dangerousInput)
    logger.Print(sanitizedInput)

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=go_lang_log_output_neutralization

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=go_lang_log_output_neutralization