CodeQL documentation

Clear-text logging of sensitive information

ID: py/clear-text-logging-sensitive-data
Kind: path-problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
   - security
   - external/cwe/cwe-312
   - external/cwe/cwe-359
   - external/cwe/cwe-532
Query suites:
   - python-code-scanning.qls
   - python-security-extended.qls
   - python-security-and-quality.qls


If sensitive data is written to a log entry it could be exposed to an attacker who gains access to the logs.

Attackers who can view the log output can obtain sensitive user data. The logged data may also expose system details such as full path names and, in some cases, usernames and passwords.

Recommendation

Sensitive data should not be logged.

Example

In the first example, the entire process environment is logged using `print`. Regular users of the production-deployed application should not have access to this much information about the environment configuration.

# BAD: Logging cleartext sensitive data
import os
print(f"[INFO] Environment: {os.environ}")

In the second example the data that is logged is not sensitive.

not_sensitive_data = {'a': 1, 'b': 2}
# GOOD: it is fine to log data that is not sensitive
print(f"[INFO] Some object contains: {not_sensitive_data}")
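A log-safe way to report the environment from the first example, added here as an illustration that is not part of the CodeQL documentation; the allow-list of safe keys, the credential-looking key-name pattern and the sample environment are assumptions constructed for this example.

```python
import logging
import re

# Assumed heuristic (not a CodeQL rule): any key that looks like a credential
# has its value masked before it can reach a log entry.
SENSITIVE_KEY = re.compile(
    r"pass(word)?|secret|token|api[_-]?key|credential|private[_-]?key", re.IGNORECASE
)
REDACTED = "***REDACTED***"
# Assumed allow-list of configuration keys whose values are safe to log.
ALLOWED_KEYS = frozenset({"APP_ENV", "LOG_LEVEL", "PORT"})


def redact_mapping(mapping):
    """Copy of mapping with the values of credential-looking keys masked."""
    return {k: (REDACTED if SENSITIVE_KEY.search(k) else v) for k, v in mapping.items()}


def safe_environment(env, allow=ALLOWED_KEYS):
    """Log-safe view of a process environment: allow-listed keys keep their
    values, every other variable is reported by name only, so an operator can
    see what is configured without any other value reaching the log."""
    return {
        "config": {k: env[k] for k in sorted(env) if k in allow},
        "other_keys": sorted(k for k in env if k not in allow),
    }


def environment_log_line(env):
    """The text that the logging call below writes for this environment."""
    return f"[INFO] Environment: {safe_environment(env)}"


# Constructed sample environment; the credential values are fake.
SAMPLE_ENV = {
    "APP_ENV": "production",
    "PORT": "8080",
    "DB_PASSWORD": "hunter2",
    "AWS_SECRET_ACCESS_KEY": "fake-secret-value",
    "HOME": "/home/svc",
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="[%(levelname)s] %(message)s")
    log = logging.getLogger(__name__)
    # GOOD: only allow-listed values are written; other variables appear by name.
    log.info("Environment: %s", safe_environment(SAMPLE_ENV))
    # Fallback when an allow-list is impractical: mask by key name instead.
    log.info("Mapping with secrets masked: %s", redact_mapping(SAMPLE_ENV))
```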
