Insertion of sensitive information into log files¶
ID: java/sensitive-logKind: path-problemSecurity severity: 7.5Severity: warningPrecision: mediumTags: - security - external/cwe/cwe-532Query suites: - java-security-extended.qls - java-security-and-quality.qls
Click to see the query in the CodeQL repository
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information is written to logs without properly set logging levels, it is accessible to potential attackers who can use it to gain access to file storage.
Recommendation¶
Do not write secrets into the log files and enforce proper logging level control.
Example¶
The following example shows two ways of logging sensitive information. In the ‘BAD’ case, the credentials are simply written to a debug log. In the ‘GOOD’ case, the credentials are never written to debug logs.
publicstaticvoidmain(String[]args){{privatestaticfinalLoggerlogger=LogManager.getLogger(SensitiveInfoLog.class);Stringpassword="Pass@0rd";// BAD: user password is written to debug loglogger.debug("User password is "+password);}{privatestaticfinalLoggerlogger=LogManager.getLogger(SensitiveInfoLog.class);Stringpassword="Pass@0rd";// GOOD: user password is never written to debug loglogger.debug("User password changed")}}
References¶
Common Weakness Enumeration:CWE-532.