
C Sharp Log Injection Untrusted Input

Description

Detects log injection vulnerabilities in C# code where untrusted user input is written directly to a log stream through a WriteLine method. Because WriteLine terminates a record with a line break, an input value that itself contains line breaks or control characters can produce extra records, allowing an attacker to forge log entries or tamper with log files.

Weakness: 091 - Log injection

Category: System Manipulation

Detection Strategy

    Identifies calls to the WriteLine method on stream objects (for example TextWriter or StreamWriter instances used for logging)

    Checks whether the WriteLine arguments contain data originating from user input or other untrusted sources

    Reports a vulnerability when user-controlled data reaches the log stream without sanitization (at minimum, neutralizing line breaks and other control characters)

Vulnerable code example

using Microsoft.AspNetCore.Mvc;
using System.IO;

public class LogController : Controller
{
    [HttpGet]
    public IActionResult Log(HttpRequest request)
    {...

✅ Secure code example

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;

public class LogController : Controller
{...
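The two samples above are truncated on this page. The following is an added, self-contained C# illustration (example code, not the rule database's own) of the pattern this rule reports and one way to remediate it: it uses a console program and a StringWriter standing in for the log stream instead of the ASP.NET controller shown above, and the input value is constructed for the demonstration.

```csharp
// Added example, not the rule database's own code. A StringWriter plays the
// role of the log stream so the program runs offline with no ASP.NET dependency.
using System;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;

public static class LogInjectionDemo
{
    // Matches CR, LF and every other Unicode control character (category Cc).
    // These are what let one input value span several log records.
    private static readonly Regex ControlChars = new Regex(@"\p{Cc}", RegexOptions.Compiled);

    // Vulnerable pattern (what the rule reports): the untrusted value is
    // passed to WriteLine verbatim.
    public static string LogUnsafe(string userName)
    {
        var sb = new StringBuilder();
        using (var writer = new StringWriter(sb))
        {
            writer.WriteLine($"INFO login attempt user={userName}");
        }
        return sb.ToString();
    }

    // Remediation: replace control characters before the value reaches the
    // stream, and quote the field so the record boundary stays unambiguous.
    public static string SanitizeForLog(string value)
    {
        if (value == null) return "<null>";
        return ControlChars.Replace(value, "_");
    }

    public static string LogSafe(string userName)
    {
        var sb = new StringBuilder();
        using (var writer = new StringWriter(sb))
        {
            writer.WriteLine($"INFO login attempt user=\"{SanitizeForLog(userName)}\"");
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed input: a CRLF followed by text shaped like a second record.
        string forged = "alice\r\nINFO login attempt user=admin status=success";
        Console.WriteLine("--- unsafe: two records from one request ---");
        Console.Write(LogUnsafe(forged));
        Console.WriteLine("--- safe: one record, CRLF rendered as __ ---");
        Console.Write(LogSafe(forged));
    }
}
```

Structured logging (one field per value, serialized by the logging library) achieves the same separation without a hand-written sanitizer, but the control-character check above is the minimum a detection rule like this one expects to see between user input and WriteLine.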