Skip to content

Java: CWE-532 sensitive info logging #3090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aschackmull merged 12 commits into from
May 14, 2020
Merged

Java: CWE-532 sensitive info logging #3090

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
dfb42ec
Address sensitive info logging
luchua-bc Mar 18, 2020
d932770
Fix the issue of mixed tabs and spaces
luchua-bc Mar 18, 2020
048a33e
Remove user ids from the check since they get logged a lot and are le…
luchua-bc Mar 27, 2020
000d894
Include Gradle Logging
luchua-bc Mar 28, 2020
a256065
Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.qhelp
luchua-bc May 4, 2020
a6c9c51
Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql
luchua-bc May 4, 2020
5c803b7
The query help builder will interpret and automatically add this refe…
luchua-bc May 4, 2020
491b67e
Change string concatenation in the source to TaintTracking::Configura…
luchua-bc May 13, 2020
ffd442a
Fine tuning criteria
luchua-bc May 13, 2020
d9cc3c6
Add a comment for reasoning in why debug and trace are included and o…
luchua-bc May 13, 2020
632cb8b
Simplify CredentialExpr as the AddExpr step is included by TaintTrack…
luchua-bc May 13, 2020
7b88988
Convert to path-problem query
luchua-bc May 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.qhelp 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
  • Loading branch information
@luchua-bc @felicitymay
luchua-bc and felicitymay authored May 4, 2020
commit a2560656d5e73879e96fa6df1e250cf56473b615
2 changes: 1 addition & 1 deletion java/ql/src/experimental/CWE-532/SensitiveInfoLog.qhelp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<qhelp>

<overview>
<p>Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information are written to logs without properly set logging levels, it is accessible to potential attackers who gains access to the
<p>Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information is written to logs without properly set logging levels, it is accessible to potential attackers who can use it to gain access to
file storage.</p>
</overview>

Expand Down