Leakage of sensitive information in logger message

• Rule ID: python_lang_logger
• Languages: python
• Source: logger.yml

Description

Sensitive information leakage through logger messages can compromise data security. This vulnerability arises when sensitive data is inadvertently included in log messages, posing a risk of unauthorized disclosure.

Remediations

• Do not include sensitive data in logger messages. This can lead to unintentional exposure of private information.

  logger.info(f"User is: '{user.email}'") # unsafe

• Do use non-sensitive, unique identifiers to log user information. This approach maintains privacy and security.

  logger.info(f"User is: '{user.uuid}'")

References

• OWASP Logging Cheat Sheet

Associated CWE

• CWE-532: Insertion of Sensitive Information into Log File

OWASP Top 10

• A09:2021 - Security Logging and Monitoring Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_lang_logger

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_lang_logger