Cleartext logging of sensitive information¶
ID: rust/cleartext-logging
Kind: path-problem
Security severity: 7.5
Severity: warning
Precision: high
Tags:
- security
- external/cwe/cwe-312
- external/cwe/cwe-359
- external/cwe/cwe-532
Query suites:
- rust-code-scanning.qls
- rust-security-extended.qls
- rust-security-and-quality.qls
Click to see the query in the CodeQL repository
Sensitive user data and system information that is logged could be exposed to an attacker when it is displayed. Also, external processes often store the standard output and standard error streams of an application, which will include logged sensitive information.
Recommendation¶
Do not log sensitive data. If it is necessary to log sensitive data, encrypt it before logging.
Example¶
The following example code logs user credentials (in this case, their password) in plaintext:
let password = "P@ssw0rd";
info!("User password changed to {password}");
Instead, you should encrypt the credentials, or better still, omit them entirely:
let password = "P@ssw0rd";
info!("User password changed");
References¶
M. Dowd, J. McDonald and J. Schuhm, The Art of Software Security Assessment, 1st Edition, Chapter 2 - ‘Common Vulnerabilities of Encryption’, p. 43. Addison Wesley, 2006.
M. Howard and D. LeBlanc, Writing Secure Code, 2nd Edition, Chapter 9 - ‘Protecting Secret Data’, p. 299. Microsoft, 2002.
Common Weakness Enumeration: CWE-312.
Common Weakness Enumeration: CWE-359.
Common Weakness Enumeration: CWE-532.