Made by DeepSource

Audit required: Insecure use of logger GO-S0904

Category: Security
Severity: Minor
Tags: A03, CWE-117, SANS Top 25, OWASP Top 10

Possible insecure use of a logger because tainted, untrusted, or sensitive arguments are passed to it. Logging unvalidated user input can allow an attacker to forge log entries (for example by embedding newline characters) or inject malicious content into the logs.

Recommended secure logging practices:

  • Audit the logger for any user-provided data, such as URL parameters, POST data payloads, cookies, etc., because they could be untrusted and tainted. An application that logs tainted data verbatim lets an attacker inject characters (such as '\r' and '\n') that break the log file pattern and forge entries.
  • Logs are also a target for attackers because they might contain sensitive information. Audit the logger for any sensitive data exposure, such as logging whole request or response objects that carry headers, cookies, or tokens.
  • Ensure sufficient logging is done so that logs have enough information to understand the damage an attacker may have caused in case of a successful attack.
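The following is an added example, not code from DeepSource or the rule page: a helper that neutralises log-forging characters in untrusted input before it reaches the logger, and a helper that logs only the safe fields of an *http.Response instead of the whole object. The function names sanitizeForLog and responseSummary and the sample input are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"strings"
	"unicode"
)

// sanitizeForLog rewrites untrusted input so it cannot forge a log entry:
// CR and LF become their visible escape sequences, any other control
// character becomes \uXXXX, and output is capped at maxLen runes so a
// flood of input cannot fill the log. (Hypothetical helper, not from the page.)
func sanitizeForLog(s string, maxLen int) string {
	var b strings.Builder
	n := 0
	for _, r := range s {
		if n >= maxLen {
			b.WriteString("...(truncated)")
			break
		}
		n++
		switch {
		case r == '\n':
			b.WriteString(`\n`)
		case r == '\r':
			b.WriteString(`\r`)
		case unicode.IsControl(r):
			fmt.Fprintf(&b, `\u%04x`, r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// responseSummary returns only the fields of an HTTP response that are
// safe to log; logging resp itself would also dump headers and cookies.
func responseSummary(resp *http.Response) string {
	return fmt.Sprintf("status=%d content_length=%d", resp.StatusCode, resp.ContentLength)
}

func main() {
	// Constructed sample: a forged "admin login" line hidden behind CR/LF.
	forged := "guest\r\n2024-01-01 00:00:00 user admin login ok"
	log.Printf("user input: %s", sanitizeForLog(forged, 256)) // stays on one line
	log.Println(responseSummary(&http.Response{StatusCode: 200, ContentLength: 42}))
}
```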

Bad practice

package main

import (
    "bufio"
    "log"
    "net/http"
    "os"
)

// input returns user-controlled data; here it reads one line from stdin.
func input() string {
    line, _ := bufio.NewReader(os.Stdin).ReadString('\n')
    return line
}

func foo() {
    // input() returns user-defined data
    sensitiveData := input()

    // If sensitiveData contains characters like '\r' or '\n', it can break the log pattern.
    // Manual auditing is required.
    log.Println(sensitiveData)
}

func ExposeSensitiveInfo(url string) error {
    resp, err := http.Get(url)
    if err != nil {
        return err
    }
    defer resp.Body.Close()

    // Logging "resp" dumps the whole response (headers, cookies) and could leak sensitive information
    log.Println(resp)
    return nil
}
