...
Logging sensitive information can violate system security policies and can violate user privacy when the logging level is incorrect or when the log files are insecure.

| Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|---|
| FIO13-J | Medium | Probable | No | No | High | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | | CERT.FIO13.SENS | Prevent exposure of sensitive data |
| | | CERT.FIO13.LHII | Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files |
| | | CERT.FIO13.PEO | Do not pass exception messages into output in order to prevent the application from leaking sensitive information |
| | | CERT.FIO13.CONSEN | Do not log confidential or sensitive information |
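
The risk statement above depends on the logging level, and the checker list singles out exception messages. The following sketch is an added example, not code from the CERT rule or from Parasoft. It shows the same event logged under two thresholds with `java.util.logging`. The class name, logger name and sample values are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class SensitiveLoggingDemo {
    // Captures what would reach the log file, so the effect of the level is visible.
    static final class CapturingHandler extends Handler {
        final List<String> lines = new ArrayList<>();
        @Override public void publish(LogRecord r) {
            if (isLoggable(r)) {
                lines.add(r.getLevel() + ": " + r.getMessage());
            }
        }
        @Override public void flush() { }
        @Override public void close() { }
    }

    static List<String> run(Level threshold) {
        Logger log = Logger.getLogger("demo.auth." + threshold); // hypothetical logger name
        log.setUseParentHandlers(false);   // keep output away from the console handler
        log.setLevel(threshold);
        CapturingHandler h = new CapturingHandler();
        h.setLevel(Level.ALL);
        log.addHandler(h);

        String user = "alice";             // constructed sample data
        String address = "192.0.2.10";     // constructed sample data
        try {
            throw new IllegalStateException("bad password 'hunter2' for " + user);
        } catch (IllegalStateException e) {
            // Operational event: no exception message, no client detail.
            log.severe("Authentication failed");
            // Sensitive detail only at FINEST; it is emitted if the threshold is too low.
            log.finest("Failed login for " + user + " from " + address);
        }
        return h.lines;
    }

    public static void main(String[] args) {
        System.out.println("threshold INFO: " + run(Level.INFO));
        System.out.println("threshold ALL:  " + run(Level.ALL));
    }
}
```

With the threshold at `INFO` only the generic `SEVERE` record is captured; with `ALL` the user name and address reach the log as well, which is the misconfiguration the risk statement describes.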
...