Log forging in Checkmarx scan in Java
How do I resolve log forging for Java in a Checkmarx scan? I tried sanitizing the input before putting it in the log file, but it still complains that I should validate or sanitize the input before logging. Please help me resolve this issue.
I used a data sanitizing method before logging anything and converted the harmful strings, then marked the bug as not exploitable in Checkmarx, whereby the security team unflagged the issue. Checkmarx doesn't intelligently validate the method; the security team marked the issue as not exploitable.
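A sketch of the kind of sanitizing method the answer describes, added here as an example and not taken from the original post: it converts line breaks and other control characters into visible escapes so that a user-supplied value cannot start a new, fake log entry. The class name `LogSanitizerExample`, the method `sanitizeForLog` and the sample input are hypothetical.

```java
import java.util.logging.Logger;

public class LogSanitizerExample {
    private static final Logger LOG =
            Logger.getLogger(LogSanitizerExample.class.getName());

    // Hypothetical helper: returns a single-line, printable form of the input.
    static String sanitizeForLog(String input) {
        if (input == null) {
            return "(null)";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '\r': out.append("\\r"); break;   // carriage return
                case '\n': out.append("\\n"); break;   // line feed
                case '\t': out.append("\\t"); break;   // tab
                default:
                    // Remaining C0/C1 control characters and the Unicode
                    // line/paragraph separators are written as escapes.
                    if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a "user name" carrying an embedded line break
        // followed by text shaped like a second log record.
        String userName = "alice\n2024-01-01 INFO Login succeeded for user=admin";

        // Unsanitized, this would be written as two lines in the log file.
        // Sanitized, it stays one line with the break shown as a literal \n.
        LOG.info("Login failed for user=" + sanitizeForLog(userName));
    }
}
```

Escaping rather than deleting the characters keeps the original input visible to whoever reads the log during an investigation.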