...
Unfortunately, violations of this rule are common. For example, prior to version 0.8.1, the LineControl Java client logged sensitive information, including the local user's password, as documented by CVE-2005-2990.
...
If the log cannot contain IP addresses, it should not contain any information about a SecurityException. When an exception contains sensitive information, the custom MyExceptionReporter class should extract or cleanse it, before returning control to the next statement in the catch block (see ERR00-J. Do not suppress or ignore checked exceptions).
The MyExceptionReporter.handle() method may also do its own logging, after filtering out sensitive information.
| Code Block | ||
|---|---|---|
| ||
public void logRemoteIPAddress(String name) {
Logger logger = Logger.getLogger("com.organization.Log");
InetAddress machine = null;
try {
machine = InetAddress.getByName(name);
} catch (UnknownHostException e) {
Exception e = MyExceptionReporter.handle(e);
} catch (SecurityException e) {
Exception e = MyExceptionReporter.handle(e);
logger.severe(name + "," + machine.getHostAddress() + "," + e.toString());
}
}
|
...
This compliant solution does not log security exceptions, except for the logging implicitly performed by MyExceptionReporter.
| Code Block | ||
|---|---|---|
| ||
// ...
catch (SecurityException e) {
Exception e = MyExceptionReporter.handle(e);
}
|
...
Log messages with sensitive information should not be printed to the console display for security reasons (a possible example might be passenger age). The java.util.logging.Logger class supports different logging levels that can be used for classifying such information. These are FINEST, FINER, FINE, CONFIG, INFO, WARNING, and SEVERE. By default, the INFO, WARNING, and SEVERE levels print the message to the console, which is accessible by end users and system administrators.
Assuming If we assume that the passenger age can appear in system log files on the current system but not on the console display, this code example is noncompliant.
...
This compliant solution logs the passenger age at the FINEST level to prevent this information from displaying on the console. As noted above, we are assuming the age may appear in system log files, but not on the console.
| Code Block | ||
|---|---|---|
| ||
// make sure that all handlers only print log messages rated INFO or higher
Handler handlers[] = logger.getHandlers();
for (int i = 0; i < handlers.length; i++) {
handlers[i].setLevel(Level.INFO);
}
// ...
logger.finest("Age: " + passengerAge);
|
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="10fe5e7569c203ab-9bfc3315-4d68461a-a6f3a3af-6fbcac13811054c040a0990e"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE-532 | http://cwe.mitre.org/data/definitions/532.html] "Information Exposure Through Log Files" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE-533 "Information Exposure Through Server Log Files" | ||||
| CWE-359 "Privacy Violation" | ||||
| CWE-542 "Information Exposure Through Cleanup Log Files" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="29be5f251319dc41-955efbfa-47814232-bb24af96-0d20085bae582556addfd735"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8bce154a9e0053cc-0bf21166-45834243-a51eb93e-0cdd1bb55b4fec601f385c12"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | 11.1 Privacy and Regulation: Handling Private Information | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9f1439af0b97a902-adc41030-48264b43-82b3a238-c3c5882cff914991e76d3080"><ac:plain-text-body><![CDATA[ | [[CVE 2008 | AA. Bibliography#CVE 08]] | [CVE-2005-2990 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2990] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9fd17bbb7d00e2c5-766debb9-45d84ad9-924083d9-ce27bffdf052b536e71a21fd"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | [Java Logging Overview | http://java.sun.com/javase/6/docs/technotes/guides/logging/overview.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...