The App logs information. Sensitive information should never be logged.

objectivec.storage.ios_app_logging

Severity

low

Resource

Storage

Language

Objective-C

Description

The App logs information. Sensitive information should never be logged.

Rationale

The App logs information. Sensitive information should never be logged.

The following code illustrates a vulnerable pattern detected by this rule:

void badNSLog() {
    NSString *password = @"secret123";
    // VULNERABLE: The App logs information. Sensitive information should never be logged.
    NSLog(@"User password: %@", password);
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.

References

CWE-532
OWASP Top 10 2021 - A09 : Security Logging and Monitoring Failures.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x06i-Testing-Code-Quality-and-Build-Settings.md#finding-debugging-code-and-verbose-error-logging-mstg-code-4