Clear-text logging of sensitive information
ID: rb/clear-text-logging-sensitive-data
Kind: path-problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
- security
- external/cwe/cwe-312
- external/cwe/cwe-359
- external/cwe/cwe-532
Query suites:
- ruby-code-scanning.qls
- ruby-security-extended.qls
- ruby-security-and-quality.qls
Sensitive information that is written to a log in cleartext is accessible to an attacker who gains access to the log, or to any other place where the log output is captured and stored.
Recommendation
Ensure that sensitive information is never written to logs in cleartext. Mask or redact it before logging, or leave it out of the log message entirely; where a value must be persisted, encrypt it and decrypt it only at the point where it is needed in cleartext.
Be aware that external processes (process supervisors, container runtimes, log collectors) often capture and store the standard output and standard error streams of the application, so sensitive information logged to either stream is stored as well.
Example
The following example code logs user credentials (in this case, their password) to standard out in plaintext:
require 'logger'

class UserSession
  @@logger = Logger.new STDOUT

  def login(username, password)
    # ...
    # BAD: the password is written to the log in cleartext
    @@logger.info "login with password: #{password}"
  end
end
Instead, the credentials should be masked or redacted before logging:
require 'logger'

class UserSession
  @@logger = Logger.new STDOUT

  def login(username, password)
    # ...
    # GOOD: only a placeholder reaches the log; the password itself never does
    password_escaped = password.sub(/.*/, "[redacted]")
    @@logger.info "login with password: #{password_escaped}"
  end
end
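The snippet above redacts one value at one call site. In practice credentials arrive inside request parameters and are logged from many places, so redaction is better applied to the data structure and, as a safety net, in the logger itself. The following is an added example, not code from the CodeQL documentation or the query; the key list, the scrub pattern and the sample login parameters are assumptions chosen for illustration.

```ruby
require 'logger'
require 'stringio'

# Added example (not from the CodeQL docs). Two layers of defence against
# cleartext credentials reaching a log:
#   1. redact - replace the values of known sensitive keys in structured data
#   2. scrub  - a Logger formatter that masks "password=..."-style fragments in
#               any message, catching the careless direct-interpolation case
# The key names, pattern and sample input are assumptions for illustration.

SENSITIVE_KEYS = %w[password passwd secret token api_key authorization].freeze

# Recursively replace the values of sensitive keys in Hashes (and in Hashes
# nested inside Arrays) with a placeholder. Keys compare case-insensitively.
def redact(value, sensitive = SENSITIVE_KEYS)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = sensitive.include?(k.to_s.downcase) ? '[redacted]' : redact(v, sensitive)
    end
  when Array
    value.map { |v| redact(v, sensitive) }
  else
    value
  end
end

# Matches "password: hunter2", "token=abc123", 'secret = "x"' and similar. The
# value runs up to whitespace, a quote, a comma or '&' (query-string separator);
# values that themselves contain whitespace (e.g. "Bearer <token>") would need
# their own pattern.
SCRUB_PATTERN = /(#{SENSITIVE_KEYS.join('|')})(\s*[=:]\s*)(["']?)[^\s"',&]+/i

def scrub(message)
  message.gsub(SCRUB_PATTERN) { "#{$1}#{$2}#{$3}[redacted]" }
end

# A Logger whose formatter scrubs every message, so that even a careless
# @logger.info "password: #{password}" does not leak the value.
def redacting_logger(io)
  logger = Logger.new(io)
  logger.formatter = proc { |severity, _time, _progname, msg| "#{severity}: #{scrub(msg.to_s)}\n" }
  logger
end

class UserSession
  def initialize(logger)
    @logger = logger
  end

  def login(params)
    @logger.info "login attempt: #{redact(params).inspect}"   # structured redaction
    @logger.info "login with password: #{params['password']}" # careless; caught by scrub
    # ... authentication elided
  end
end

# Run both layers against constructed sample input and return the log text.
def demo
  io = StringIO.new
  session = UserSession.new(redacting_logger(io))
  session.login('username' => 'alice', 'password' => 'hunter2',
                'meta' => { 'Token' => 'abc123', 'ip' => '203.0.113.5' })
  io.string
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Running the file prints two log lines in which the username and client address survive but neither the password nor the nested token appears. The formatter-level scrub is deliberately a last line of defence: it only knows about the patterns it is given, so the primary control is still to redact (or simply not log) the sensitive fields before the message is built.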
References
M. Dowd, J. McDonald and J. Schuh, The Art of Software Security Assessment, 1st Edition, Chapter 2 - "Common Vulnerabilities of Encryption", p. 43. Addison Wesley, 2006.
M. Howard and D. LeBlanc, Writing Secure Code, 2nd Edition, Chapter 9 - "Protecting Secret Data", p. 299. Microsoft Press, 2002.
Common Weakness Enumeration: CWE-312.
Common Weakness Enumeration: CWE-359.
Common Weakness Enumeration: CWE-532.