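To prevent attackers from forging log output by submitting CRLF characters, encode any CRLF characters in the logged message centrally, at the point where logback writes the log. There is then no need to encode each individual log statement.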

 

--pom dependency

<!-- https://mvnrepository.com/artifact/org.owasp/security-logging-logback -->
<dependency>
<groupId>org.owasp</groupId>
<artifactId>security-logging-logback</artifactId>
<version>1.1.6</version>
</dependency>


 


 

How it works:
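
A logback.xml showing where the central encoding is applied, as an added example that is not from the original post: the `crlf` conversion word is bound to the `CRLFConverter` class shipped in security-logging-logback and wrapped around `%msg`. The appender names, the pattern layout and the sample input in the comment are assumptions made for illustration.

```xml
<configuration>
  <!-- Bind the conversion word "crlf" to the converter from security-logging-logback -->
  <conversionRule conversionWord="crlf"
                  converterClass="org.owasp.security.logging.mask.CRLFConverter" />

  <!-- Weak: %msg is written verbatim. A constructed input such as
       "bob\n2024-01-01 00:00:00 INFO  login succeeded for admin"
       shows up in the output as two separate log entries. -->
  <appender name="UNSAFE" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- Corrected: %crlf(...) wraps the message, so CR and LF in any logged
       message are encoded and the entry stays on one physical line. -->
  <appender name="SAFE" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %crlf(%msg)%n</pattern>
    </encoder>
  </appender>

  <!-- Only the hardened appender is attached; UNSAFE is defined for comparison only. -->
  <root level="INFO">
    <appender-ref ref="SAFE" />
  </root>
</configuration>
```

Wrapping `%msg` covers the formatted message only. Other user-influenced fields in the pattern, such as MDC values or exception messages, pass through unencoded unless they are handled separately.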


References:

https://github.com/javabeanz/owasp-security-logging/wiki/Log-Forging