# Logging Sensitive Data

- ID: go-sensitive-data-logging
- Severity: MEDIUM
- CWE: Information Exposure Through Logs (CWE-532)
- Languages: Go

## Description

Passwords, tokens, or PII logged via log.Printf or similar functions.

## Detection Message

Sensitive data from {source} is logged at {sink}.
This may expose passwords, tokens, PII, or other sensitive information through logs.

## Remediation

Never log sensitive values. Log presence/absence instead of actual values.

```go
// Log only that API key is configured, not the value
if apiKey != "" {
    log.Println("API key configured")
}
```

Learn more: https://shoulder.dev/learn/go/cwe-532/sensitive-data-logging

## Documentation

[object Object]

## Related Rules

- **Sensitive Data Exposure in Logs** [MEDIUM]: 
- **Sensitive Data in Logging** [HIGH]: