Veracode Issue : Improper Output Neutralization for Logs

Question

LOGGER.debug("response" + SecurityUtils.htmlEscape(result.toString()));

Veracode Issue: Improper Output Neutralization for Logs

Why veracode still detects a bug in the above line?

score 0 · Answer 1 · answered Jan 08 '20 at 11:36

0

Removed the loggers where we are logging unnecessary request and response.

And for Other loggers statements: Issue fixed , instead of encoding the value, we have used ESAPI logger to log statements.

answered Jan 08 '20 at 11:36

Chaithra S

score 0 · Answer 2 · answered Jul 21 '22 at 15:07

0

Here is the correct syntax:

LOGGER.debug("response" + WebUtility.HtmlEncode(Convert.ToString(result)));

answered Jul 21 '22 at 15:07

Yash

As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 24 '22 at 01:06

2 Answers2