...
Logging unsanitized user input can also result in leaking sensitive data across a trust boundary, or in storing sensitive data in a manner that violates local law or regulation. For example, if a user can inject an unencrypted credit card number into a log file, the system could violate PCI DSS regulations [PCI 2010]. See rule IDS00-J for more details on input sanitization.
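An added example, not the rule's own code, of sanitizing untrusted input before it is logged: a login name is checked against an allow-list pattern, and a value that fails the check is recorded only after its line delimiters and control characters (the CWE-144 and CWE-150 weaknesses this rule is mapped to) have been neutralized. The class name, the logger name, the allow-list pattern and the 32- and 64-character limits are assumptions.

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Added example, not the rule's own code: sanitize untrusted input before it
// reaches the log, so it cannot split, forge or corrupt log records.
public final class LogSanitizer {
    private static final Logger LOG = Logger.getLogger("auth");
    // Assumed policy: a login name is 1-32 ASCII letters, digits, '.', '_' or '-'.
    private static final Pattern LOGIN_NAME = Pattern.compile("[A-Za-z0-9._-]{1,32}");
    /** Allow-list check: true only if the whole value matches the pattern. */
    public static boolean isValidLoginName(String name) {
        return name != null && LOGIN_NAME.matcher(name).matches();
    }

    /**
     * Replaces CR, LF, every other control character and the Unicode line and
     * paragraph separators with '_' (CWE-144, CWE-150) for values that must be
     * recorded even though they failed validation.
     */
    public static String neutralize(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                sb.append('_');
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }
    public static void logFailedLogin(String name) {
        if (isValidLoginName(name)) {
            LOG.info("Failed login for user: " + name);
        } else {
            // Record the rejected attempt with the untrusted bytes neutralized
            // and bounded in length (64 is an assumed limit).
            String safe = neutralize(name);
            LOG.warning("Rejected login name: " + safe.substring(0, Math.min(safe.length(), 64)));
        }
    }
    public static void main(String[] args) {
        // Constructed input containing CRLF; the sanitizer keeps it to one record.
        logFailedLogin("guest\r\nINFO: Successful login for user: admin");
    }
}
```

Rejecting rather than "cleaning" is the stronger option where the input format is known; `neutralize` is for the case where the attempt itself must still be recorded.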
Noncompliant Code Example
...
| ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/) | Injection [RST] |
| CWE-144. Improper neutralization of line delimiters |
| CWE-150. Improper neutralization of escape, meta, or control sequences |
Bibliography
| [API 2006] | AA. Bibliography#API 06 |
| [OWASP 2008] | Log Injection (https://www.owasp.org/index.php/Log_injection) |
| [PCI DSS Standard] | https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml |
...