Information Exposure Through Debug Log

ID

python.information_exposure_through_debug_log

Severity

low

Resource

Information Leak

Language

Python

Tags

CWE:532, NIST.SP.800-53, OWASP:2021:A4

Description

Sensitive information leakage through debug log.

Rationale

Logging is an essential part of application maintenance, aiding in troubleshooting and performance monitoring. However, if not properly managed, logs can become a significant vulnerability, especially when they contain sensitive data such as authentication credentials, personal user information, or internal state.

The CWE-532 category highlights the risk of exposing sensitive information through logging, which could be easily exploited if log files are accessed by unauthorized users.

Let’s consider an example where sensitive information might be logged inappropriately:

import logging

logging.basicConfig(level=logging.DEBUG)

def authenticate(user, password):
    logging.debug(f"Authenticating user: {user} with password: {password}")
    # Authentication logic here

In this case, the password is written to the debug log, which could easily be harvested if logs are exposed or improperly secured. This violates secure coding principles and can result in data breaches.

Remediation

To remediate issues related to information exposure through logs, follow these practical steps:

  1. Avoid Logging Sensitive Data: Refrain from logging sensitive information such as passwords, credit card details, and personally identifiable information unless it’s absolutely necessary. Use sanitization and redaction techniques if logging such information is unavoidable.

  2. Use Appropriate Logging Levels: Set logging levels appropriately. Use DEBUG or TRACE logging selectively, preferably during development and disable or restrict them in production environments.

  3. Implement Log Access Controls: Ensure that logs are stored securely and that access is restricted to authorized personnel only. Utilize encryption for log files if possible, and employ robust audit controls to monitor access.

  4. Regularly Audit Logs: Conduct regular audits of logs to identify and redact any instances of sensitive data that were improperly logged. This helps maintain the integrity of your logging strategy.

By following these steps, organizations can minimize the risks associated with information exposure through debug logs in your applications.

Improved version of the earlier example:

import logging

logging.basicConfig(level=logging.INFO)

def authenticate(user, password):
    logging.info(f"Authenticating user: {user}")
    # Avoid logging the password
    # Authentication logic here

Additionally, you can use custom filters to automatically redact sensitive information:

class RedactingFilter(logging.Filter):
    def filter(self, record):
        record.msg = str(record.msg).replace("password", "***")
        return True

logger = logging.getLogger()
logger.addFilter(RedactingFilter())

Security-focused development practices should also include log review policies, compliance with privacy standards (e.g., GDPR), and regular audits to ensure sensitive data is not inadvertently exposed.

Configuration

To remediate issues related to information exposure through logs, follow these practical steps:

  1. Avoid Logging Sensitive Data: Refrain from logging sensitive information such as passwords, credit card details, and personally identifiable information unless it’s absolutely necessary. Use sanitization and redaction techniques if logging such information is unavoidable.

  2. Use Appropriate Logging Levels: Set logging levels appropriately. Use DEBUG or TRACE logging selectively, preferably during development and disable or restrict them in production environments.

  3. Implement Log Access Controls: Ensure that logs are stored securely and that access is restricted to authorized personnel only. Utilize encryption for log files if possible, and employ robust audit controls to monitor access.

  4. Regularly Audit Logs: Conduct regular audits of logs to identify and redact any instances of sensitive data that were improperly logged. This helps maintain the integrity of your logging strategy.

By following these steps, organizations can minimize the risks associated with information exposure through debug logs in your applications.

References

  • CWE-532 : Insertion of Sensitive Information into Log File.

  • FIO13-J : Do not log Sensitive Information outside a trust boundary

  • OWASP Top 10 2021 - A03 : Injection.