Sensitive information stored in logs

Need

Protection of sensitive information in log files

Context

  • Usage of Scala for building scalable and high-performance applications
  • Usage of play.api.Logger for logging in a Play Framework application

Description

Non compliant code

import play.api.Logger
import play.api.mvc._

// Controller actions that write request parameters straight into the log.
class AccountController(cc: ControllerComponents) extends AbstractController(cc) {

  def login(username: String, password: String) = Action { implicit request =>
    // The clear-text password ends up in the log file.
    Logger.info(s"User $username is trying to login with password $password")
    // Authentication logic here
    Ok
  }

  def transferFunds(sourceAccount: String, destinationAccount: String, amount: Double) = Action { implicit request =>
    // Both account identifiers and the amount end up in the log file.
    Logger.info(s"Transferring $amount from $sourceAccount to $destinationAccount")
    // Transfer logic here
    Ok
  }

  def uploadFile(filePath: String) = Action { implicit request =>
    // The local file system path ends up in the log file.
    Logger.info(s"Uploading file from $filePath")
    // File upload logic here
    Ok
  }
}

This code represents a Scala backend application using the Play framework. It contains three methods: login, transferFunds, and uploadFile.

The login method logs the username and password of a user trying to log in. This is a security vulnerability because sensitive information, the password, is written to the log files.

The transferFunds method logs the source account, the destination account, and the amount being transferred. This is a security vulnerability because sensitive information, the bank account identifiers, is written to the log files.

The uploadFile method logs the file path of the file being uploaded. This is a security vulnerability as sensitive information, the file path, is being written to the log files.

In all these methods, the sensitive information is being logged using Logger.info. This information can be accessed by anyone who has access to these log files, leading to potential security breaches.

Steps

  • Identify and classify sensitive information that should not be logged.
  • Remove any sensitive information from the log statements.
  • Implement a logging framework that supports sensitive information filtering or masking.
  • Configure the logging framework to exclude or mask sensitive information.
  • Ensure that the logging configuration is secure and cannot be easily modified by unauthorized users.
  • Regularly review and monitor the log files to detect any accidental or unauthorized logging of sensitive information.

Compliant code

import play.api.Logger
import play.api.mvc._

// The same actions, logging only the event and never the sensitive values.
class AccountController(cc: ControllerComponents) extends AbstractController(cc) {

  def login(username: String, password: String) = Action { implicit request =>
    // The password is no longer part of the log message.
    Logger.info(s"User $username is trying to login")
    // Authentication logic here
    Ok
  }

  def transferFunds(sourceAccount: String, destinationAccount: String, amount: Double) = Action { implicit request =>
    // Account identifiers and the amount are kept out of the log.
    Logger.info(s"Transferring funds")
    // Transfer logic here
    Ok
  }

  def uploadFile(filePath: String) = Action { implicit request =>
    // The file path is kept out of the log.
    Logger.info(s"Uploading file")
    // File upload logic here
    Ok
  }
}

The original code was logging sensitive information such as usernames, passwords, account details, and file paths. This is a security vulnerability as it exposes sensitive information in the logs which can be accessed by unauthorized users.

The fixed code removes the sensitive values from the log statements. Now, the login function only logs that a user is trying to log in, together with the username, without revealing the password. Similarly, the transferFunds function only logs that a transfer is taking place without revealing the source account, the destination account or the amount. The uploadFile function only logs that a file is being uploaded without revealing the file path.

This way, the logs only contain information about the actions being performed without revealing any sensitive information. This reduces the risk of sensitive information being exposed in the logs.

In addition to this, it is recommended to implement a logging framework that supports sensitive information filtering or masking, configure the logging framework to exclude or mask sensitive information, ensure that the logging configuration is secure and cannot be easily modified by unauthorized users, and regularly review and monitor the log files to detect any accidental or unauthorized logging of sensitive information.
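As an added example that is not part of the original page or of Play itself, the helper below shows one way to carry out the filtering and masking steps listed above and the recommendation in the previous paragraph: every log field is classified by its key and redacted before it reaches play.api.Logger, so a developer cannot accidentally log a secret by passing it as a field. The SafeLogging object, its key sets and the event names are assumptions of this example.

```scala
import play.api.Logger

// Hypothetical helper (added example): classifies log fields by key and
// redacts them before anything is handed to play.api.Logger.
object SafeLogging {
  private val logger = Logger("security")

  // Values that must never reach the log, not even masked.
  private val secretKeys: Set[String] = Set("password", "token", "secret")
  // Identifiers worth correlating on: keep only the last four characters.
  private val partialKeys: Set[String] = Set("sourceaccount", "destinationaccount")
  // Fields that are dropped entirely (local file system paths).
  private val droppedKeys: Set[String] = Set("filepath")

  // Keeps the last four characters and replaces the rest with '*';
  // values of four characters or fewer are masked completely.
  def maskPartial(value: String): String =
    if (value.length <= 4) "****"
    else "*" * (value.length - 4) + value.takeRight(4)

  // Returns the fields exactly as they will be rendered into the log line.
  def redact(fields: Seq[(String, String)]): Seq[(String, String)] =
    fields.collect {
      case (k, _) if secretKeys.contains(k.toLowerCase)   => k -> "[REDACTED]"
      case (k, v) if partialKeys.contains(k.toLowerCase)  => k -> maskPartial(v)
      case (k, v) if !droppedKeys.contains(k.toLowerCase) => k -> v
    }

  def info(event: String, fields: (String, String)*): Unit = {
    val rendered = redact(fields).map { case (k, v) => s"$k=$v" }.mkString(" ")
    logger.info(s"event=$event $rendered")
  }
}

// Usage in the controller actions discussed on this page.
def login(username: String, password: String) = Action { implicit request =>
  SafeLogging.info("login_attempt", "username" -> username, "password" -> password)
  // Authentication logic here
  Ok
}

def transferFunds(sourceAccount: String, destinationAccount: String, amount: Double) = Action { implicit request =>
  SafeLogging.info("transfer", "sourceAccount" -> sourceAccount, "destinationAccount" -> destinationAccount)
  // Transfer logic here
  Ok
}

def uploadFile(filePath: String) = Action { implicit request =>
  SafeLogging.info("upload", "filePath" -> filePath) // dropped by the helper
  // File upload logic here
  Ok
}
```

Because redact returns the rendered fields, it can be unit tested on its own to confirm that a password never appears in its output, and a Logback pattern using %replace can serve as a second line of defence for messages that bypass the helper.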

References