2

How can logback (that uses the pattern layout) be secured against log forging attacks? Is there a configuration property that tells logback to escape certain reserved characters?

PS: The ideal solution would be to decorate each converter with a configuration-supplied decorator, but it seems to be impossible with the current design of logback.

Svetlin Zarev

2 Answers

3

This can be done using the replace conversion pattern: http://logback.qos.ch/manual/layouts.html#replace

For instance, adding `%replace(%m%ex){'([\\|#])','\\$1'}` to the pattern will escape `|`, `\`, and `#` in the log message and the exception stack trace.

Svetlin Zarev
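The following is an added example and is not code from the question, the answer, or the logback project. It reproduces what logback's `%replace(p){regex, replacement}` conversion word does to a message, which is a `java.util.regex` `replaceAll` with the configured regex and replacement, so the answer's pattern can be checked in plain Java (Java 11 or later, for `String.lines()`) without a logback configuration. The class, method and timestamp-layout names are hypothetical; the `escapeExtended` variant, which additionally neutralises CR and LF, goes beyond the answer's pattern and is an assumption made here to show why the three characters alone do not stop a forged line.

```java
import java.util.regex.Pattern;

/**
 * Added example: models logback's %replace(p){regex, replacement} conversion,
 * which applies java.util.regex replaceAll to the converted text. Not logback's own code.
 */
public class LogForgingEscapeDemo {

    // Regex and replacement from the answer, written as Java string literals
    // (each backslash the answer shows is doubled once more for the compiler):
    // regex ([\\|#]) matches a backslash, a pipe or a hash; replacement \\$1
    // emits a literal backslash followed by the matched character.
    static final Pattern ANSWER_REGEX = Pattern.compile("([\\\\|#])");
    static final String ANSWER_REPLACEMENT = "\\\\$1";

    /** Escapes |, \ and # exactly as the answer's %replace pattern would. */
    static String escapeAnswerStyle(String message) {
        return ANSWER_REGEX.matcher(message).replaceAll(ANSWER_REPLACEMENT);
    }

    /**
     * Extended variant (an assumption for this example, not from the page): after
     * the answer's escaping, CR and LF become the visible two-character sequences
     * \r and \n, because a raw line break inside a message is what lets a forged
     * entry appear as its own log line.
     */
    static String escapeExtended(String message) {
        String escaped = escapeAnswerStyle(message);
        return escaped.replace("\r", "\\r").replace("\n", "\\n");
    }

    /**
     * Defender-side check: with the hypothetical layout below every entry starts
     * with a timestamp, so counting lines that start with one shows how many
     * entries a reader (or a log parser) will see.
     */
    static final Pattern ENTRY_START =
            Pattern.compile("^\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2} ");

    static long countEntryStarts(String logText) {
        return logText.lines().filter(l -> ENTRY_START.matcher(l).find()).count();
    }

    /** Formats one entry the way a "%d{yyyy-MM-dd HH:mm:ss} %-5level %msg%n" layout would. */
    static String formatEntry(String timestamp, String level, String message) {
        return timestamp + " " + String.format("%-5s", level) + " " + message + "\n";
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled input: a username that embeds a line break
        // followed by text shaped like a second, successful log entry.
        String user = "bob\n2024-01-01 12:00:01 INFO  login succeeded for user: admin";
        String message = "login failed for user: " + user;
        String ts = "2024-01-01 12:00:00";

        String unescaped = formatEntry(ts, "WARN", message);
        String answerStyle = formatEntry(ts, "WARN", escapeAnswerStyle(message));
        String extended = formatEntry(ts, "WARN", escapeExtended(message));

        System.out.println("--- no escaping: " + countEntryStarts(unescaped) + " entry start(s) ---");
        System.out.print(unescaped);
        System.out.println("--- answer's %replace: " + countEntryStarts(answerStyle) + " entry start(s) ---");
        System.out.print(answerStyle);
        System.out.println("--- extended escaping: " + countEntryStarts(extended) + " entry start(s) ---");
        System.out.print(extended);
    }
}
```

Running `main` shows the three variants side by side: the unescaped message and the answer-style escaped message both produce two timestamped entries, because `([\\|#])` never touches the embedded line break, while the extended variant keeps the whole message on one line with a visible `\n` in it. When choosing the regex for `%replace` in a real configuration, include the characters that your log format and downstream parsers treat as delimiters, and remember that the same replacement also applies to `%ex`, so legitimate multi-line stack traces will be flattened unless the exception converter is kept outside the `%replace` group.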
0

You can also use this library from OWASP, cf. https://github.com/augustd/owasp-security-logging/wiki/Log-Forging

Here is a full article to understand how to use it: https://www.srccodes.com/log-forging-by-crlf-log-injection-owasp-security-vulnerability-attacks-crlf/

Maneki