Improper Output Neutralization for Logs in C# - Veracode Issue

Asked Aug 17 '23 at 02:01

Active Aug 17 '23 at 05:25

Viewed 30 times

The below code is for logging sVal value. So I am getting Veracode issue of CWE-117: Improper Output Neutralization for Logs. Could anyone help on this to resolve.

public void AddTracing(Dictionary<string, string> keyValueCollection, Exception?exceptionDetails)
{
    foreach (KeyValuePair<string, string> dicItem in keyValueCollection)
    {
        string sVal = dicItem.Value.Replace("\n", "___").Replace("\r", "__");
        if (dicItem.Key.Equals(Constant.LogMessage))
        {
            _logHelper.LogInformation("SVal", sVal);
        }
    }
}

edited Aug 17 '23 at 05:25

Brian Tompsett - 汤莱恩

5,753
72
57
129

asked Aug 17 '23 at 02:01

sameera guntimadugu

Never seen that one before. Did you search for it on the internet. This (https://9to5answer.com/how-to-fix-veracode-cwe-117-improper-output-neutralization-for-logs) says to do roughly what you did. Are you still getting flagged? Generally when I've done security issue remediation, the Security software had examples and sample remediations. Are you following their advice? Are you checking the logs to see if what you ate doing is doing what you expect? – Flydog57 Aug 17 '23 at 04:08
Did you see the Stackoverflow suggestion for your issue: https://stackoverflow.com/questions/46564555/pass-veracode-cwe-117-improper-output-neutralization-for-logs-only-with-replac?rq=2 – Flydog57 Aug 17 '23 at 04:14

Improper Output Neutralization for Logs in C# - Veracode Issue

0 Answers0