Ensure no sensitive information is being logged

Docs > Datadog Security > Code Security > Static Code Analysis (SAST) > SAST ルール > Ensure no sensitive information is being logged

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: csharp-security/ensure-secure-logging

Language: C#

Severity: Error

Category: Security

CWE: 778

Description

This rule ensures that no sensitive information, such as passwords, personal identifiers, or confidential data, is written to logs. Logging sensitive data can lead to serious security vulnerabilities, including unauthorized access and data leaks, which can compromise user privacy and violate compliance requirements.

It is important to treat logs as potentially accessible by various parties, including developers, administrators, or attackers who gain access to the system. Therefore, sensitive information should never be recorded in logs in plaintext or any identifiable form.

To comply with this rule, developers should carefully review logging statements and avoid including sensitive parameters directly and sanitize information being logged. Log only non-sensitive metadata or sanitized information. For example, rather than logging password or full usernames, consider logging the occurrence of an event without sensitive details or use masking and sanitization techniques before logging.

By following these practices, you reduce the risk of sensitive data exposure while still maintaining useful logs for debugging and monitoring application behavior.

Non-Compliant Code Examples

using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

public class AccountController : Controller
{
    private readonly ILogger<AccountController> _logger;

    public AccountController(ILogger<AccountController> logger)
    {
        _logger = logger;
    }

    [HttpPost]
    public IActionResult Login(string username, string password)
    {
        _logger.LogInformation("User {username} attempting to log in", username);

        // authentication logic...
        return Ok();
    }
}

using System.Web;
using System.Web.Mvc;
using NLog;

public class UserController : Controller
{
    private static readonly Logger _logger = LogManager.GetCurrentClassLogger();
    
    [HttpPost]
    public ActionResult Register(string username)
    {
        if (!string.IsNullOrEmpty(username))
        {
            _logger.Warn("Registration attempt for user: " + username); // Noncompliant
        }
        return View();
    }
}

void main() {}

Compliant Code Examples

public class UserController : Controller
{
    private static readonly Logger _logger = LogManager.GetCurrentClassLogger();
    
    [HttpPost]
    public ActionResult Register(string username)
    {
        if (!string.IsNullOrEmpty(username))
        {
            string sanitized = username.Replace('\n', ' ').Replace('\r', ' ').Replace('\t', ' ');
            _logger.Warn("Registration attempt for user: " + sanitized);
        }
        return View();
    }
}