
For these code samples, we will assume that the log in question lies outside the trust boundary of the information being sent to it. Also, normal log messages should include additional parameters such as date, time, source event, and so forth. This information has been omitted from our examples for brevity.

Noncompliant Code Example

In this noncompliant code example, a server logs the IP address of the remote client in the event of a security exception. This data can be misused, for example, to build a profile of a user's browsing habits. Such logging may violate legal restrictions in many countries.

...

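import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.logging.Logger;

// MyExceptionReporter is defined elsewhere (not shown on this page)
public void logRemoteIPAddress(String name) {
  Logger logger = Logger.getLogger("com.organization.Log");
  InetAddress machine = null;
  try {
    machine = InetAddress.getByName(name);
  } catch (UnknownHostException e) {
    MyExceptionReporter.handle(e);
  } catch (SecurityException e) {
    Exception reported = MyExceptionReporter.handle(e);
    // machine is still null when getByName() throws, so fall back to name
    String address = (machine != null) ? machine.getHostAddress() : name;
    // Noncompliant: writes the remote client's address to the log
    logger.severe(name + "," + address + "," + reported.toString());
  }
}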

Compliant Solution

This compliant solution does not log security exceptions.

  // ...
  catch (SecurityException e) {
    // Hand the exception to the reporter only; nothing is written to the log
    MyExceptionReporter.handle(e);
  }

Noncompliant Code Example

Log messages that contain sensitive information (a passenger's age is one possible example) should not be printed to the console display. The java.util.logging.Logger class supports different logging levels that can be used to classify such information: FINEST, FINER, FINE, CONFIG, INFO, WARNING and SEVERE. By default, messages at the INFO, WARNING and SEVERE levels are printed to the console, which is accessible to end users and system administrators.

...

logger.info("Age: " + passengerAge);

Compliant Solution

This compliant solution logs the passenger age at the FINEST level to prevent this information from displaying on the console.

// make sure that all handlers only print log messages rated INFO or higher
Handler handlers[] = logger.getHandlers();
for (int i = 0; i < handlers.length; i++) {
  handlers[i].setLevel(Level.INFO);
}
// ...
logger.finest("Age: " + passengerAge);
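
Logger.getHandlers() returns only the handlers registered on that logger itself, while the default console handler is registered on the root logger. The following added example (not part of the original guideline) applies the same INFO threshold along the whole parent chain and uses a constructed handler in place of the console to show which records would be displayed. ConsoleLevelDemo, CapturingHandler, capHandlers and the sample messages are hypothetical names chosen for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class ConsoleLevelDemo {
  // Constructed stand-in for the console: records what it would have printed.
  static final class CapturingHandler extends Handler {
    final List<String> published = new ArrayList<>();
    @Override public void publish(LogRecord r) {
      if (isLoggable(r)) { // enforces this handler's level
        published.add(r.getLevel() + ": " + r.getMessage());
      }
    }
    @Override public void flush() { }
    @Override public void close() { }
  }

  // Raise the threshold of every handler that can receive records from
  // 'logger': its own handlers and, while useParentHandlers is true, those
  // of each ancestor up to the root logger.
  static void capHandlers(Logger logger, Level minimum) {
    for (Logger l = logger; l != null; l = l.getParent()) {
      for (Handler h : l.getHandlers()) {
        if (h.getLevel().intValue() < minimum.intValue()) {
          h.setLevel(minimum);
        }
      }
      if (!l.getUseParentHandlers()) break;
    }
  }

  public static void main(String[] args) {
    Logger logger = Logger.getLogger("com.organization.Log");
    logger.setLevel(Level.ALL); // the logger itself filters nothing
    CapturingHandler console = new CapturingHandler();
    console.setLevel(Level.ALL); // deliberately too permissive
    Logger.getLogger("").addHandler(console); // registered on the root logger

    int passengerAge = 42; // constructed sample value
    System.out.println("own handlers: " + logger.getHandlers().length);
    capHandlers(logger, Level.INFO);
    logger.finest("Age: " + passengerAge); // below every handler's threshold
    logger.info("Booking confirmed");
    System.out.println("console would show: " + console.published);
  }
}
```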

Risk Assessment

Logging sensitive information can violate system security policies and can violate user privacy when the logging level is incorrect or when the log files are insecure.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO08-J | medium | probable | high | P4 | L3 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

[MITRE 2009] CWE ID 532 "Information Exposure Through Log Files" (http://cwe.mitre.org/data/definitions/532.html)

CWE ID 533 "Information Exposure Through Server Log Files"

CWE ID 359 "Privacy Violation"

CWE ID 542 "Information Exposure Through Cleanup Log Files"

Bibliography

[API 2006] Class java.util.logging.Logger

[Chess 2007] 11.1 Privacy and Regulation: Handling Private Information

[CVE 2008] CVE-2005-2990 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2990)

[Sun 2006] Java Logging Overview (http://java.sun.com/javase/6/docs/technotes/guides/logging/overview.html)

...