Merge pull request #8410 from joefarebrother/sensitive-logging

Java: Promote Sensitive Logging query
2026-06-18 19:31:11 +02:00 · 2022-03-14 14:50:26 +00:00
parent 9f02ca0db2 ca8237b9de
commit d4b5eed3e4
10 changed files with 79 additions and 49 deletions
--- a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.java
+++ b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.java
@@ -0,0 +1,19 @@
+public static void main(String[] args) {
+    {
+        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);
+
+        String password = "Pass@0rd";
+
+        // BAD: user password is written to debug log
+        logger.debug("User password is "+password);
+    }
+	
+    {
+        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);
+  
+        String password = "Pass@0rd";
+
+        // GOOD: user password is never written to debug log
+        logger.debug("User password changed")
+    }
+}
--- a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.qhelp
+++ b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.qhelp
@@ -0,0 +1,26 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information is written to logs without properly set logging levels, it is accessible to potential attackers who can use it to gain access to
+file storage.</p>
+</overview>
+
+<recommendation>
+<p>Do not write secrets into the log files and enforce proper logging level control.</p>
+</recommendation>
+
+<example>
+<p>The following example shows two ways of logging sensitive information. In the 'BAD' case,
+the credentials are simply written to a debug log. In the 'GOOD' case, the credentials are never written to debug logs.</p>
+<sample src="SensitiveInfoLog.java" />
+</example>
+
+<references>
+<li>
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html">OWASP Logging Guide</a>
+</li>
+</references>
+</qhelp>
--- a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
+++ b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
@@ -0,0 +1,20 @@
+/**
+ * @name Insertion of sensitive information into log files
+ * @description Writing sensitive information to log files can allow that
+ *              information to be leaked to an attacker more easily.
+ * @kind path-problem
+ * @problem.severity warning
+ * @precision medium
+ * @id java/sensitive-log
+ * @tags security
+ *       external/cwe/cwe-532
+ */
+
+import java
+import semmle.code.java.security.SensitiveLoggingQuery
+import PathGraph
+
+from SensitiveLoggerConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "This $@ is written to a log file.", source.getNode(),
+  "potentially sensitive information"