Leakage of information in logger message

Description

Information leakage through logger messages can result in data breaches. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.

Remediations

  • Do not include variables or dynamic data containing sensitive information in logger messages. This can inadvertently expose sensitive data.
    logger.info(f"User is: '{user.email}'") // unsafe
  • Do sanitize or remove sensitive information from data before logging. Ensure that logged information does not contain any personal or confidential data.

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=go_lang_logger_leak

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=go_lang_logger_leak