Ensure no sensitive information is being logged

Documentos > Datadog Security > Code Security > Static Code Analysis (SAST) > Reglas de SAST > Ensure no sensitive information is being logged

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Metadata

ID: csharp-security/ensure-secure-logging

Language: C#

Severity: Error

Category: Security

CWE: 778

Description

No description found

Non-Compliant Code Examples

using System.Web;
using System.Web.Mvc;
using NLog;

public class UserController : Controller
{
    private static readonly Logger _logger = LogManager.GetCurrentClassLogger();
    
    [HttpPost]
    public ActionResult Register(string username)
    {
        if (!string.IsNullOrEmpty(username))
        {
            _logger.Warn("Registration attempt for user: " + username); // Noncompliant
        }
        return View();
    }
}

void main() {}

Compliant Code Examples

public class UserController : Controller
{
    private static readonly Logger _logger = LogManager.GetCurrentClassLogger();
    
    [HttpPost]
    public ActionResult Register(string username)
    {
        if (!string.IsNullOrEmpty(username))
        {
            string sanitized = username.Replace('\n', ' ').Replace('\r', ' ').Replace('\t', ' ');
            _logger.Warn("Registration attempt for user: " + sanitized);
        }
        return View();
    }
}