Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Highlighting:
      debug = true
      printStackTrace
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      Throwable.printStackTrace(...) prints a Throwable and its stack trace to System.err (by default), which is not easily parseable and can expose sensitive information:

      try {
        /* ... */
      } catch(Exception e) {
        e.printStackTrace();        // Sensitive 
      }
      

      The @EnableWebSecurity annotation for Spring Framework with debug set to true enables debugging support:

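      import org.springframework.context.annotation.Configuration;
      import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
      import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;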
      
      @Configuration
      @EnableWebSecurity(debug = true) // Sensitive 
      public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        // ...
      }
      

      Compliant Solution

      Loggers should be used (instead of printStackTrace) to print throwables:

      try {
        /* ... */
      } catch(Exception e) {
        // java.util.logging: Logger.log(Level, String, Throwable)
        LOGGER.log(Level.SEVERE, "context", e); // Compliant
      }
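
      A fuller version of the logger pattern, as an added example that is not part of the original rule description: the throwable goes to a java.util.logging logger and the caller receives only a generic message with a reference id. The class OrderService, its methods, the incident id scheme and the failure message are hypothetical and constructed for illustration.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example: class, method and message names are hypothetical.
public class OrderService {
    private static final Logger LOGGER = Logger.getLogger(OrderService.class.getName());

    /** Returns text that is safe to show to the caller, on success or failure. */
    public String handle(String orderId) {
        try {
            return "Order total: " + loadTotal(orderId);
        } catch (Exception e) {
            // Random id the caller can quote; it links the response to the log record.
            String incidentId = UUID.randomUUID().toString();
            // Logger.log(Level, String, Throwable) attaches the throwable to a log
            // record, so level, destination and format are set by the logging
            // configuration rather than hard-wired as with printStackTrace().
            LOGGER.log(Level.SEVERE, "Order lookup failed, incident " + incidentId, e);
            // The response carries no class names, exception message or stack frames.
            return "Request failed. Reference: " + incidentId;
        }
    }

    // Constructed failure standing in for a real data-access error; the message
    // holds the kind of internal detail a raw stack trace would reveal.
    private int loadTotal(String orderId) {
        throw new IllegalStateException(
            "jdbc:postgresql://db.internal/orders: connection refused");
    }

    public static void main(String[] args) {
        // Prints only the generic message; the stack trace goes to the logger.
        System.out.println(new OrderService().handle("42"));
    }
}
```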
      

      The @EnableWebSecurity annotation for Spring Framework with debug set to false disables debugging support:

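      import org.springframework.context.annotation.Configuration;
      import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
      import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;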
      
      @Configuration
      @EnableWebSecurity(debug = false) // Compliant
      public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        // ...
      }
      

            People

            • Assignee:
              Unassigned
              Reporter:
              alexandre.gigleux Alexandre Gigleux