Possible CLRF injection detected

• Rule ID: java_lang_crlf_injection
• Languages: java
• Source: crlf_injection.yml

Description

CRLF (Carriage Return Line Feed) injection vulnerability occurs when an attacker is able to insert a sequence of line termination characters into a log message. This can lead to forged log entries, compromising the integrity of log files.

Remediations

• Do strip any carriage return and line feed characters from user input data before logging it. This prevents attackers from injecting malicious CRLF sequences.

  logger.info(userInput.replaceAll("[\r\n]+", ""));

References

• OWASP CRLF Injection
• OWASP Logging Cheat Sheet

Associated CWE

• CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

OWASP Top 10

• A03:2021 - Injection

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_crlf_injection

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_crlf_injection