Versions Compared

Comment: Added an Android Implementation Details section

...

When the log cannot contain IP addresses, it should not contain any information about a SecurityException, because it might leak an IP address. When an exception contains sensitive information, the custom MyExceptionReporter class should extract or cleanse it before returning control to the next statement in the catch block (see rule ERR00-J. Do not suppress or ignore checked exceptions).


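import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.logging.Logger;

public void logRemoteIPAddress(String name) {
  Logger logger = Logger.getLogger("com.organization.Log");
  InetAddress machine = null;
  try {
    machine = InetAddress.getByName(name);
  } catch (UnknownHostException e) {
    MyExceptionReporter.handle(e);
  } catch (SecurityException e) {
    MyExceptionReporter.handle(e);
    // Noncompliant: the exception text may reveal an IP address.
    // machine is still null when getByName() throws, so guard the call.
    String address = (machine == null) ? "unresolved" : machine.getHostAddress();
    logger.severe(name + "," + address + "," + e.toString());
  }
}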

...

This compliant solution does not log security exceptions except for the logging implicitly performed by MyExceptionReporter.


  // ...
  catch (SecurityException e) {
    // Report (and cleanse) the exception; do not log it here
    MyExceptionReporter.handle(e);
  }

...

If we assume that the passenger age can appear in log files on the current system but not on the console display, this code example is noncompliant.


logger.info("Age: " + passengerAge);

...

This compliant solution logs the passenger age at the FINEST level to prevent this information from displaying on the console. As noted previously, we are assuming the age may appear in system log files but not on the console.


// Make sure that all handlers only print log messages rated INFO or higher
Handler[] handlers = logger.getHandlers();
for (Handler handler : handlers) {
  handler.setLevel(Level.INFO);
}
// ...
logger.finest("Age: " + passengerAge);
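
An added example (not from the original page) of the handler setup this solution depends on: the logger must accept FINEST records and must not forward them to the root logger's console handler, which `getHandlers()` does not return. The class name, temporary log file and sample age are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.ConsoleHandler;
import java.util.logging.FileHandler;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

public class AgeLoggingDemo {
  public static void main(String[] args) throws IOException {
    Logger logger = Logger.getLogger("com.organization.Log");

    // Without this, records also go to the root logger's handlers,
    // which logger.getHandlers() does not list or let you restrict.
    logger.setUseParentHandlers(false);
    // The logger itself must accept FINEST, or the record is dropped
    // before any handler sees it (the default level is INFO).
    logger.setLevel(Level.ALL);

    Handler console = new ConsoleHandler();
    console.setLevel(Level.INFO);            // console: INFO and above only
    logger.addHandler(console);

    Path logFile = Files.createTempFile("passenger", ".log"); // constructed path
    Handler file = new FileHandler(logFile.toString());
    file.setLevel(Level.ALL);                // log file: every level
    file.setFormatter(new SimpleFormatter());
    logger.addHandler(file);

    int passengerAge = 42;                   // constructed sample value
    logger.info("Passenger record processed"); // console and file
    logger.finest("Age: " + passengerAge);     // file only

    file.close();                            // flush before reading back
    String written = Files.readString(logFile);
    Files.delete(logFile);
    if (!written.contains("Age: 42")) {
      throw new AssertionError("FINEST record missing from log file");
    }
    System.out.println("Age reached the log file but not the console.");
  }
}
```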

...

MITRE CWE

CWE-532. Information exposure through log files

CWE-533. Information exposure through server log files

CWE-359. Privacy violation

CWE-542. Information exposure through cleanup log files

Android Implementation Details

DRD04-J. Do not log sensitive information is an Android-specific instance of this rule.
