Will squid:S4792 handle the slf4j library as well?

The rule squid:S4792 helps in identifying logging vulnerabilities. It is mentioned that it supports the following logging libraries: Log4J, java.util.logging and Logback. Will this rule work with loggers configured using slf4j, which adds a layer of abstraction over these libraries and can work with all of them?

Hello @sufyanharoon

S4792 doesn’t support the slf4j library, but S5145 does.

S5145 is an injection rule available starting with SonarQube DE, with the goal of providing accurate results (if an issue is reported, it’s likely a “log injection vulnerability” which requires a fix).

Eric