# Insertion of Sensitive Information into Log File (CWE-532)

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

**Stack:** Go

- Prevalence: Medium (3 languages supported)
- Impact: High (1 high-severity rule)
- Prevention: Documented (3 fix examples)

**OWASP:** Security Logging and Monitoring Failures (A09:2021-Security Logging and Monitoring Failures) - #9

## Description

When sensitive information such as passwords, tokens, or personal data is logged, it becomes accessible to anyone who can read the logs. Log files are routinely stored, shipped, and retained with weaker access controls than the data they contain, and they are often copied into third-party log aggregators, backups, and crash reports where the original data-protection controls no longer apply.

## Prevention

Prevention strategy for Information Exposure Through Logs, based on 1 Shoulder detection rule.

### Go

Never log passwords, tokens, or PII; log presence/absence instead.

## Consequences

- Read application data
- Gain privileges

## Mitigations

- Never write sensitive information such as passwords or tokens to logs
- Implement classification and filtering of log data
- Mask or redact sensitive data before writing it to logs

## Detection

- Total rules: 3
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rule)

- **Logging Sensitive Data** [MEDIUM]: Passwords, tokens, or PII logged via `log.Printf` or similar functions.
  - Remediation: Never log sensitive values. Log presence/absence instead of actual values.

```go
// Log only that the API key is configured, not the value
if apiKey != "" {
	log.Println("API key configured")
}
```

Learn more: https://shoulder.dev/learn/go/cwe-532/sensitive-data-logging
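The mitigations above (log presence/absence, filter by field classification, and mask secrets before the line is written) can be enforced in one place rather than at every call site. The following Go code is an added example, not part of the original page or the Shoulder rule set; the list of sensitive field names, the regular expressions, and the sample log lines are assumptions constructed for illustration and should be adapted to your own schemas.

```go
package main

import (
	"fmt"
	"log"
	"regexp"
	"sort"
	"strings"
)

// sensitiveKeys classifies field names whose values must never reach a log line.
// This list is an assumption for the example; extend it to match your data model.
var sensitiveKeys = map[string]bool{
	"password": true, "passwd": true, "token": true, "api_key": true,
	"apikey": true, "secret": true, "authorization": true, "ssn": true,
}

// bearerRe matches "Bearer <token>" fragments that leak via request-dump logging.
var bearerRe = regexp.MustCompile(`(?i)\bBearer\s+[A-Za-z0-9\-._~+/]+=*`)

// kvRe matches key=value or key: value pairs for sensitive keys in free-form text.
var kvRe = regexp.MustCompile(`(?i)\b(password|passwd|token|api_key|apikey|secret)\s*[=:]\s*("[^"]*"|'[^']*'|\S+)`)

// RedactFields returns a copy of a structured event in which classified fields are
// replaced by a presence marker, so the log still records that the field was set
// without ever containing the value.
func RedactFields(fields map[string]string) map[string]string {
	out := make(map[string]string, len(fields))
	for k, v := range fields {
		if sensitiveKeys[strings.ToLower(k)] {
			if v == "" {
				out[k] = "[absent]"
			} else {
				out[k] = "[redacted]"
			}
			continue
		}
		out[k] = v
	}
	return out
}

// FormatEvent renders redacted fields as sorted key=value pairs for a log line.
func FormatEvent(fields map[string]string) string {
	safe := RedactFields(fields)
	keys := make([]string, 0, len(safe))
	for k := range safe {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, k+"="+safe[k])
	}
	return strings.Join(parts, " ")
}

// ScrubLine masks secrets embedded in a free-form message. It is the last line
// of defence for callers that bypass structured logging and pass raw strings.
func ScrubLine(msg string) string {
	msg = bearerRe.ReplaceAllString(msg, "Bearer [redacted]")
	msg = kvRe.ReplaceAllString(msg, "${1}=[redacted]")
	return msg
}

// Logf is a drop-in replacement for log.Printf that scrubs the rendered line.
func Logf(format string, args ...interface{}) {
	log.Print(ScrubLine(fmt.Sprintf(format, args...)))
}

func main() {
	// Constructed sample inputs, not real credentials.
	Logf("login failed for user=%s password=%s from 10.0.0.5", "alice", "hunter2")
	Logf("GET /api Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def")
	log.Print(FormatEvent(map[string]string{
		"user": "alice", "api_key": "sk-123", "token": "",
	}))
}
```

`ScrubLine` is a pattern-based safety net and will not catch every encoding of a secret (for example a base64-encoded JSON body), so the structured `RedactFields` path, which decides by field classification rather than by content, is the one to route application logging through; use the scrubber to contain legacy `log.Printf` call sites until they are migrated.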