SOLVED

Change this code to not log user-controlled data.


On logs as mentioned below, SonarQube throws an issue stating 'Change this code to not log user-controlled data.'

LOGGER.error("Unable to adapt resource at path {} to a Page object", rootPagePath);

Why is this an issue?
1 Accepted Solution


Correct answer by
Community Advisor

Hi @goyalkritika,

Logging user-controlled data is considered a security vulnerability. Attackers can manipulate user-controlled data to inject malicious code or exploit application vulnerabilities. In this case, the rootPagePath parameter is logged with the error message. If an attacker is able to control the value of rootPagePath, they can use it to inject their own code or perform other attacks on the application. This problem can be fixed by removing user-controlled data logging from the code.

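An added example, not part of the original thread and not Adobe's or SonarQube's code: one concrete risk with a logged value such as rootPagePath is that a line break inside it makes a single log call read as two entries. The class name, the helper `forLog`, the `MAX_LEN` cap and the sample path are assumptions made for illustration; the helper is for cases where the path still has to appear in the log.

```java
public class LogArgumentExample {

    // Assumed cap so one oversized value cannot flood the log.
    private static final int MAX_LEN = 200;

    /** Hypothetical helper: returns a single-line, printable form of an untrusted value. */
    static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder();
        int limit = Math.min(value.length(), MAX_LEN);
        for (int i = 0; i < limit; i++) {
            char c = value.charAt(i);
            if (c == '\\') {
                out.append("\\\\");          // escape the escape character itself
            } else if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (Character.isISOControl(c)) {
                out.append(String.format("\\x%02x", (int) c));
            } else {
                out.append(c);
            }
        }
        if (value.length() > MAX_LEN) {
            out.append("...[truncated]");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String template = "ERROR Unable to adapt resource at path %s to a Page object";
        // Constructed sample: a path value that carries a line break and a fake entry.
        String rootPagePath = "/content/site/en\nINFO Page published by admin";
        System.out.println("--- value logged as received: reads as two entries ---");
        System.out.println(String.format(template, rootPagePath));
        System.out.println("--- value passed through forLog: stays one entry ---");
        System.out.println(String.format(template, forLog(rootPagePath)));
        // With the SLF4J call from the question, the argument would be forLog(rootPagePath).
    }
}
```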