...
For these code samples, we will assume that the log in question lies outside the trust boundary of the information being sent to it. Also, normal log messages should include additional parameters such as date, time, source event, and so forth. This information has been ommitted omitted from our examples for the brevity.
...
In this noncompliant code example, a server logs the IP address of the remote client in the event of a security exception. Such This data can be misused in various ways, such as building , for example, to build a profile of a user's browsing habits. Such logging may violate legal restrictions in many countries.
If the log cannot be trusted to hold the IP addresscontain IP addresses, it should not hold contain any info information about a SecurityException. When an exception contains sensitive information, the custom MyExceptionReporter class should extract or cleanse it, before returning control to the next statement in the catch block . (See see rule ERR00-J. Do not suppress or ignore checked exceptions).)
| Code Block | ||
|---|---|---|
| ||
public void logRemoteIPAddress(String name) {
Logger logger = Logger.getLogger("com.organization.Log");
InetAddress machine = null;
try {
machine = InetAddress.getByName(name);
} catch (UnknownHostException e) {
Exception e = MyExceptionReporter.handle(e);
} catch (SecurityException e) {
Exception e = MyExceptionReporter.handle(e);
logger.severe(name + "," + machine.getHostAddress() + "," + e.toString());
}
}
|
Compliant Solution
This compliant solution simply does not log the security exceptionexceptions.
| Code Block | ||
|---|---|---|
| ||
// ...
catch (SecurityException e) {
Exception e = MyExceptionReporter.handle(e);
}
|
Noncompliant Code Example
Some Logged information that is logged should be elided from console display for security reasons (a possible example might be passenger age). The java.util.logging.Logger class supports different logging levels that can be used for classifying such information. These are FINEST, FINER, FINE, CONFIG, INFO, WARNING and SEVERE. All levels after and including INFO, log the message to the console in addition to an external source.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="80bc5925a4a409a7-9cf6aa5c-4b2041be-96c2a890-a15fb6db2653029b34eba2f4"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 532 | http://cwe.mitre.org/data/definitions/532.html] "Information Exposure Through Log Files" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 533 "Information Exposure Through Server Log Files" | ||||
| CWE ID 359 "Privacy Violation" | ||||
| CWE ID 542 "Information Exposure Through Cleanup Log Files" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="df9d2f6b9b7b18c9-0352ab2a-40064425-ba6eb095-246e5c99e29b325b72d6845d"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4c7922774b09fcd3-bb8043c0-4773440c-a248aaa2-a9495106902c120d40dee948"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | 11.1 Privacy and Regulation: Handling Private Information | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f4b301958a2e789b-69a11498-42024823-ab62b140-3ad3580d31b68ba39384beaf"><ac:plain-text-body><![CDATA[ | [[CVE 2008 | AA. Bibliography#CVE 08]] | [CVE-2005-2990 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2990] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2663c6f8ce641074-3099ab74-48bb408b-a026b76a-73ade5fdd4b8845bc5c36845"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | [Java Logging Overview | http://java.sun.com/javase/6/docs/technotes/guides/logging/overview.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...