Lang
Best practice
structured-logging
String interpolation in a log message obscures the distinction between the variables and the message text. Use structured logging instead: pass the variables as additional arguments and let the logging library perform the interpolation. This reduces the possibility of log injection and makes the logs easier to search.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-117: Improper Output Neutralization for Logs
OWASP:
- A09:2021 - Security Logging and Monitoring Failures
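The contrast described in the rule text, as an added example that is not part of the rule itself. It assumes Python's standard `logging` module (the page names no language); `JsonFormatter`, `make_logger`, the logger names and the sample user name are constructed for illustration.

```python
import io
import json
import logging

class JsonFormatter(logging.Formatter):
    """Emit one JSON object per record, keeping template and arguments apart."""
    def format(self, record):
        return json.dumps({
            "level": record.levelname,
            "template": record.msg,  # constant text written by the developer
            "args": [str(a) for a in record.args or ()],  # untrusted values, JSON-escaped
        })

def make_logger(name, formatter):
    """Return a logger that writes to an in-memory buffer, plus that buffer."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(formatter)
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger, buf

# Constructed sample input: a user name carrying a line break and a forged entry.
USERNAME = "alice\nINFO login ok for admin"

def interpolated_lines(username):
    """Pattern the rule flags: the value is merged into the message before logging."""
    logger, buf = make_logger(
        "demo.interpolated", logging.Formatter("%(levelname)s %(message)s"))
    logger.info(f"login failed for {username}")
    return buf.getvalue().splitlines()

def structured_lines(username):
    """Structured form: constant template, value passed as a separate argument."""
    logger, buf = make_logger("demo.structured", JsonFormatter())
    logger.info("login failed for %s", username)
    return buf.getvalue().splitlines()

if __name__ == "__main__":
    print(interpolated_lines(USERNAME))  # two lines, the second one forged
    print(structured_lines(USERNAME))    # one JSON line, line break escaped
```

The separation only helps when the sink encodes the arguments: a plain-text formatter given the same `%s` call would still write the raw line break. Searching on the `template` field finds every occurrence of the event regardless of the user name.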