Tag: secure-coding

Checkmarx Java fix for Log Forging -sanitizing user input

Can anyone suggest the proper sanitization/validation process required for the courseType variable in the following getCourses method? I am using that variable to write to a log file. I've tried HtmlUtils.HtmlEscape() but didn't get the expected results. Thanks!

Answer

It seems like the Checkmarx tool is correct in this case. A "Log Forging" vulnerability means that an attacker could engineer logs