Sensitive information stored in logs
Need
Secure handling of sensitive information in log files
Context
- Usage of Python 3 for developing applications and scripts
- Usage of logging for capturing and storing application logs
Description
Non compliant code
import logging
def log_info(username, password, bank_account):
logger = logging.getLogger(__name__)
logger.info(f'Username: {username}, Password: {password}, Bank Account: {bank_account}')
In the above code, we are logging sensitive user information such as username, password, and bank account details. This is a serious security issue because logs are often stored in plain text and can be read by anyone who has access to the logging system.
The function log_info takes three parameters: username, password, and bank_account. These parameters are then logged using Python's built-in logging module. The line logger.info(f'Username: {username}, Password: {password}, Bank Account: {bank_account}') logs the sensitive information, which is a serious security vulnerability.
Any attacker who gains access to these logs can retrieve this sensitive information and misuse it. They could potentially log into the system, perform fraudulent transactions, or even steal the user's identity. Therefore, it is crucial to ensure that sensitive information is never logged.
Steps
- Remove sensitive information from the logs. Never log sensitive information such as passwords or bank account numbers.
- If it's necessary to log some information for debugging purposes, consider logging only non-sensitive parts or use a hashing or encryption method to obscure the sensitive data.
- Implement a proper logging level. For example, use the 'debug' level for detailed information that might contain sensitive data and ensure these logs are only enabled during debugging sessions.
- Ensure that your logging system is secure. Logs should be stored in a secure location and be properly protected from unauthorized access.
Compliant code
import logging
import hashlib
def log_info(username, password, bank_account):
logger = logging.getLogger(__name__)
hashed_password = hashlib.sha256(password.encode()).hexdigest()
hashed_bank_account = hashlib.sha256(bank_account.encode()).hexdigest()
logger.info(f'Username: {username}, Hashed Password: {hashed_password}, Hashed Bank Account: {hashed_bank_account}')
The updated code no longer logs sensitive information in plain text. Instead, it uses the SHA-256 hashing algorithm to obscure the password and bank account number before logging them.
The hashlib.sha256().hexdigest() method is used to create a SHA-256 hash of the password and bank account number. This method first encodes the string into bytes, then creates a hash from these bytes, and finally returns the hexadecimal representation of this hash.
The logger then logs the username along with the hashed password and hashed bank account number. This way, even if someone gains access to the logs, they won't be able to retrieve the original password or bank account number from the hashed values.
Remember, this is just one part of securing your logs. You should also ensure that your logs are stored in a secure location and are protected from unauthorized access. Additionally, consider implementing different logging levels and only enable detailed logs that might contain sensitive information during debugging sessions.