Skip to content

Commit

Permalink
fix: sanitize message to prevent log injection
Browse files Browse the repository at this point in the history
  • Loading branch information
@kristian4res
kristian4res committed Nov 5, 2024
1 parent 5a57a47 commit 0168d13
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions server/logger/cloudLogging.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,15 @@ export default class AuditLogger {
}

info(logger: IncomingMessage["log"], message: string): void {
logger.info(`AUDIT_LOG: ${message}`);
const logFormat = "AUDIT_LOG: message";
const log = logFormat.replace("message", message);
logger.info(log);

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
}

error(logger: IncomingMessage["log"], message: string): void {
logger.error(`AUDIT_LOG: ${message}`);
const logFormat = "AUDIT_LOG: message";
const log = logFormat.replace("message", message);
logger.error(log);

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.
}

async getLogs(): Promise<AuditLog[]> {
Expand Down

0 comments on commit 0168d13

Please sign in to comment.