- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: go-security/error-leakage
Language: Go
Severity: Info
Category: Security
CWE: 532
Passing errors directly to log.Println
or log.Printf
functions can lead to data leakage because these functions typically write the output to a log file, console, or another output without considering the sensitivity of the error message. Error messages often contain sensitive information, such as system paths, user data, or internal application details, which should not be exposed in logs that are accessible to users or unauthorized individuals.
To avoid data leakage when logging errors, it is essential to properly handle error messages by redacting or obfuscating sensitive information before logging them. Instead of passing errors directly to log.Println
or log.Printf
, it is recommended to extract only the necessary information from the error and log a more generic and secure error message that does not expose sensitive details.
Additionally, consider implementing secure logging practices, such as logging error codes or identifiers rather than full error messages, implementing access controls to restrict access to logs containing sensitive information, and regularly reviewing and auditing the contents of logs to ensure they do not leak sensitive data. By following these best practices, you can improve the security and privacy of your application’s logging mechanisms and prevent potential data leakage incidents.
func main() {
log.Println(err.Error())
log.Println(fmt.Sprintf("%s", err.Error()))
log.Printf(fmt.Sprintf("%s", err.Error()))
log.Printf(fmt.Sprintf("%s", r.Header.Get("User-Agent")))
log.Printf("Request From %s", r.Header.Get("User-Agent"))
}
func main() {
log.Println("error detected")
}