Leakage of sensitive information in logger message
- Rule ID: go_lang_logger
- Languages: go
- Source: logger.yml
Description
Leakage of sensitive information in logger messages can compromise data security. This vulnerability arises when sensitive data is included in log messages, potentially leading to unauthorized access.
Remediations
- Do not include sensitive data, such as email addresses, in logger messages. This can inadvertently expose personal information.
logger.info(f"User is: '{user.email}'") // unsafe - Do use non-sensitive, unique identifiers, like user UUIDs, in logger messages to maintain user privacy and data security.
logger.info(f"User is: '{user.uuid}'")
References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=go_lang_loggerTo run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=go_lang_logger