Leakage of Information in Logger Message
Last updated
Last updated
Rule ID: java_lang_logger_leak
Applicable Languages: Java
Weakness ID: CWE-532
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Do not include variables or dynamic data containing sensitive information in logger messages. This can inadvertently expose sensitive data in logs, which are often not adequately protected.
Instead, Do log static messages that do not contain dynamic variables or attributes. This minimizes the risk of accidentally logging sensitive information.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our