Ensure no sensitive information is being logged

문서 > Datadog 보안 > Code Security > Static Code Analysis (SAST) > SAST 규칙 > Ensure no sensitive information is being logged

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: csharp-security/ensure-secure-logging

Language: C#

Severity: Error

Category: Security

CWE: 778

Description

This rule ensures that no sensitive information, such as passwords, personal identifiers, or confidential data, is written to logs. Logging sensitive data can lead to serious security vulnerabilities, including unauthorized access and data leaks, which can compromise user privacy and violate compliance requirements.

It is important to treat logs as potentially accessible by various parties, including developers, administrators, or attackers who gain access to the system. Therefore, sensitive information should never be recorded in logs in plaintext or any identifiable form.

To comply with this rule, developers should carefully review logging statements and avoid including sensitive parameters directly and sanitize information being logged. Log only non-sensitive metadata or sanitized information. For example, rather than logging password or full usernames, consider logging the occurrence of an event without sensitive details or use masking and sanitization techniques before logging.

By following these practices, you reduce the risk of sensitive data exposure while still maintaining useful logs for debugging and monitoring application behavior.

Non-Compliant Code Examples

using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

public class AccountController : Controller
{
    private readonly ILogger<AccountController> _logger;

    public AccountController(ILogger<AccountController> logger)
    {
        _logger = logger;
    }

    [HttpPost]
    public IActionResult Login(string username, string password)
    {
        _logger.LogInformation("User {username} attempting to log in", username);

        // authentication logic...
        return Ok();
    }
}

using System.Web;
using System.Web.Mvc;
using NLog;

public class UserController : Controller
{
    private static readonly Logger _logger = LogManager.GetCurrentClassLogger();
    
    [HttpPost]
    public ActionResult Register(string username)
    {
        if (!string.IsNullOrEmpty(username))
        {
            _logger.Warn("Registration attempt for user: " + username); // Noncompliant
        }
        return View();
    }
}

void main() {}

Compliant Code Examples

public class UserController : Controller
{
    private static readonly Logger _logger = LogManager.GetCurrentClassLogger();
    
    [HttpPost]
    public ActionResult Register(string username)
    {
        if (!string.IsNullOrEmpty(username))
        {
            string sanitized = username.Replace('\n', ' ').Replace('\r', ' ').Replace('\t', ' ');
            _logger.Warn("Registration attempt for user: " + sanitized);
        }
        return View();
    }
}