Cleartext logging of sensitive information¶
ID: rust/cleartext-loggingKind: path-problemSecurity severity: 7.5Severity: warningPrecision: highTags: - security - external/cwe/cwe-312 - external/cwe/cwe-359 - external/cwe/cwe-532Query suites: - rust-code-scanning.qls - rust-security-extended.qls - rust-security-and-quality.qls
Click to see the query in the CodeQL repository
Sensitive user data and system information that is logged could be exposed to an attacker when it is displayed. Also, external processes often store the standard output and standard error streams of an application, which will include logged sensitive information.
Recommendation¶
Do not log sensitive data. If it is necessary to log sensitive data, encrypt it before logging.
Example¶
The following example code logs user credentials (in this case, their password) in plaintext:
letpassword="P@ssw0rd";info!("User password changed to {password}");
Instead, you should encrypt the credentials, or better still, omit them entirely:
letpassword="P@ssw0rd";info!("User password changed");
References¶
M. Dowd, J. McDonald and J. Schuhm,The Art of Software Security Assessment, 1st Edition, Chapter 2 - ‘Common Vulnerabilities of Encryption’, p. 43. Addison Wesley, 2006.
M. Howard and D. LeBlanc,Writing Secure Code, 2nd Edition, Chapter 9 - ‘Protecting Secret Data’, p. 299. Microsoft, 2002.
Common Weakness Enumeration:CWE-312.
Common Weakness Enumeration:CWE-359.
Common Weakness Enumeration:CWE-532.