I am trying to write logs to a file using the logging module in Python. When I ran the code through SonarQube, it showed me the following security hotspot in terms of logging.
Python code:
import logging

# Root-logger configuration: write DEBUG and above to logs.txt with a
# timestamp, source location and the message text on each line.
logging.basicConfig(filename='logs.txt',
                    level=logging.DEBUG,
                    format="%(asctime)s:%(filename)s:%(funcName)s:%(lineno)d:%(message)s")
For this type of logging declaration, SonarQube is showing a log injection.
What is the best practice for logging in a Python package using the logging module within the norms of the SonarQube rules?
It looks to me like a false positive. You can ask a question about it on their community forum, asking how this specific example is a log injection.
It is possible to have log injections, of course, but not in this vanilla example as far as I can see.
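The basicConfig call above only sets where and how records are written; a log injection happens later, at the point where untrusted data (a username, a request header) is placed into a message that still contains carriage returns or newlines, so an attacker can forge extra log lines in the same format. The example below is added here and is not code from the question or the answer. It shows the forged-line effect with a constructed username and neutralises it with a logging.Filter that escapes CR/LF before the record reaches the handler; the logger names, the filter class and the render helper are all assumptions for the demonstration.

```python
import io
import logging

# Constructed sample input: an attacker-controlled username that carries a
# newline followed by a fake entry in the same format as the real log lines.
SAMPLE_USERNAME = "alice\n2024-01-01 00:00:00:app.py:login:42:login succeeded for admin"

LOG_FORMAT = "%(asctime)s:%(filename)s:%(funcName)s:%(lineno)d:%(message)s"


class NewlineEscapingFilter(logging.Filter):
    """Render the message once, then escape CR/LF so one call stays one line.

    Attached to the logger, it runs before any handler formats the record.
    """

    def filter(self, record):
        rendered = record.getMessage()  # msg % args, with untrusted values in
        record.msg = rendered.replace("\r", "\\r").replace("\n", "\\n")
        record.args = ()                # already interpolated; avoid re-formatting
        return True


def render(username, *, sanitize):
    """Log one failed-login message into an in-memory stream and return it.

    sanitize=False reproduces the vulnerable behaviour; sanitize=True adds the
    escaping filter. A fresh logger is used for each mode so the two setups
    do not interfere with each other or with the root logger.
    """
    stream = io.StringIO()
    logger = logging.getLogger("demo.safe" if sanitize else "demo.raw")
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    logger.handlers.clear()
    logger.filters.clear()

    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    logger.addHandler(handler)
    if sanitize:
        logger.addFilter(NewlineEscapingFilter())

    # Untrusted data passed as a format argument, never concatenated into
    # the format string itself.
    logger.info("login failed for %s", username)
    handler.flush()
    return stream.getvalue()


def line_count(text):
    """Number of physical lines in the captured log output."""
    return len(text.splitlines())


if __name__ == "__main__":
    raw = render(SAMPLE_USERNAME, sanitize=False)
    safe = render(SAMPLE_USERNAME, sanitize=True)
    print("without filter:", line_count(raw), "line(s)")
    print(raw, end="")
    print("with filter:", line_count(safe), "line(s)")
    print(safe, end="")
```

Without the filter the single logger.info call produces two physical lines, the second of which is indistinguishable from a genuine "login succeeded" entry to anyone grepping the file; with the filter it stays one line with a literal "\n" in it. The same filter can be added to the root logger right after basicConfig. Passing untrusted values as format arguments (logger.info("... %s", value)) rather than building the string yourself keeps the message template fixed, which is what most static analysers actually look for.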