Go Sensitive Information In Logs
Description
This detector identifies when sensitive information (passwords, tokens, API keys and similar secrets) is written through Go's standard log package. Logged credentials persist in log files and are shipped to log aggregation systems, so anyone who can read the logs, typically a far wider group than those authorized to hold the credential, can recover them.
Detection Strategy
• The Go standard 'log' package must be imported in the analyzed file
• Code must contain calls to logging functions of the log package (log.Print, log.Printf, log.Println and the other printing functions, such as the Fatal and Panic variants)
• The logging function call must contain arguments that appear to be sensitive information
• Sensitive arguments are detected based on variable names, string literals, or expressions that suggest they contain credentials, tokens, passwords, or other confidential data
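The four rules above, as an added example that is not Fluid Attacks' detector implementation: a small Go program using go/parser and go/ast that applies them to a constructed source file. The word list in sensitiveName, the function names and the sample input are assumptions made for this example; the detector's real heuristics are not published on this page.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// sensitiveName is the name/literal heuristic behind rule 4. The word list is an
// assumption made for this example; the page does not publish the detector's own list.
var sensitiveName = regexp.MustCompile(`(?i)(passw(or)?d|secret|token|api[_-]?key|credential|authorization|bearer)`)

// logFuncs are the printing functions of the standard log package (rule 2).
var logFuncs = map[string]bool{"Print": true, "Printf": true, "Println": true,
	"Fatal": true, "Fatalf": true, "Fatalln": true, "Panic": true, "Panicf": true, "Panicln": true}

// argText flattens an argument into its identifiers and literals (rule 3), e.g. `r Header Get "Authorization"`.
func argText(e ast.Expr) string {
	var parts []string
	ast.Inspect(e, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.Ident:
			parts = append(parts, x.Name)
		case *ast.BasicLit:
			parts = append(parts, x.Value)
		}
		return true
	})
	return strings.Join(parts, " ")
}

// findSensitiveLogCalls applies the four rules of the detection strategy to one Go
// source file and returns one "line N: log.Func receives ..." finding per flagged call.
func findSensitiveLogCalls(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	logName := "" // rule 1: local name bound to the standard log package, if imported
	for _, imp := range f.Imports {
		if imp.Path.Value == `"log"` {
			logName = "log"
			if imp.Name != nil {
				logName = imp.Name.Name // aliased import, e.g. import l "log"
			}
		}
	}
	if logName == "" {
		return nil, nil // the file is out of scope for this detector
	}
	var findings []string
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true
		}
		sel, ok := call.Fun.(*ast.SelectorExpr)
		if !ok {
			return true
		}
		if pkg, ok := sel.X.(*ast.Ident); !ok || pkg.Name != logName || !logFuncs[sel.Sel.Name] {
			return true // rule 2: only calls on the log package count
		}
		for _, a := range call.Args { // rules 3 and 4
			if text := argText(a); sensitiveName.MatchString(text) {
				line := fset.Position(call.Pos()).Line
				findings = append(findings, fmt.Sprintf("line %d: log.%s receives %s", line, sel.Sel.Name, text))
				break // one finding per call
			}
		}
		return true
	})
	return findings, nil
}

// sample is a constructed input file; two of its three log calls should be flagged.
const sample = `package main

import "log"

func login(user, password, bearerToken string) {
	log.Printf("login user=%s password=%s", user, password) // flagged: literal and identifier
	log.Println("auth header:", bearerToken)               // flagged: identifier name
	log.Printf("login user=%s", user)                      // clean
}
`

func main() {
	findings, err := findSensitiveLogCalls(sample)
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(findings, "\n"))
}
```

Rule 4 is a name heuristic, so a format string such as "password reset e-mail sent" is flagged even when no secret is passed. That is the expected trade-off of a name-based detector: each finding still has to be triaged by checking what the argument actually holds at runtime.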
Vulnerable code example
package main

import (
	"log"
	"net/http"
)

func handler(w http.ResponseWriter, r *http.Request) {...}

✅ Secure code example
package main

import (
	"log"
	"net/http"
)

func handler(w http.ResponseWriter, r *http.Request) {...}
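To make the difference between the two snippets concrete, and to show the check that proves a handler does not log a credential, here is an added example that is not code from the original page: vulnerableHandler logs the Authorization header verbatim, secureHandler logs only that a token was present plus a truncated SHA-256 fingerprint, and leaksSecret redirects the standard logger into a buffer for a constructed request and reports whether the secret appears. The handler bodies, the fingerprint helper and the sample token are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// vulnerableHandler is the shape the detector flags: a credential read from the
// request goes straight into log.Printf and ends up in every copy of the logs.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	token := r.Header.Get("Authorization")
	log.Printf("auth request from %s token=%s", r.RemoteAddr, token)
	w.WriteHeader(http.StatusOK)
}

// secureHandler records that a credential was presented and a short, non-reversible
// fingerprint for correlation, but never the credential itself.
func secureHandler(w http.ResponseWriter, r *http.Request) {
	token := r.Header.Get("Authorization")
	log.Printf("auth request from %s token_present=%t token_fp=%s",
		r.RemoteAddr, token != "", fingerprint(token))
	w.WriteHeader(http.StatusOK)
}

// fingerprint returns the first 8 hex characters of SHA-256(secret). Suitable only for
// high-entropy tokens: a hashed password is still brute-forceable, so never log one.
func fingerprint(secret string) string {
	if secret == "" {
		return "-"
	}
	sum := sha256.Sum256([]byte(secret))
	return hex.EncodeToString(sum[:4])
}

// captureLog runs fn with the standard logger redirected to a buffer and returns
// everything it wrote: the check a unit test can use to prove a handler logs no secrets.
func captureLog(fn func()) string {
	var buf bytes.Buffer
	prev := log.Writer()
	log.SetOutput(&buf)
	defer log.SetOutput(prev)
	fn()
	return buf.String()
}

// leaksSecret sends secret as the Authorization header of a constructed request and
// reports whether the handler wrote it verbatim to the log.
func leaksSecret(handler http.HandlerFunc, secret string) bool {
	req := httptest.NewRequest(http.MethodGet, "/login", nil)
	req.Header.Set("Authorization", secret)
	out := captureLog(func() { handler(httptest.NewRecorder(), req) })
	return strings.Contains(out, secret)
}

func main() {
	const secret = "Bearer example-token-do-not-log" // constructed sample credential
	fmt.Printf("vulnerableHandler leaks the token: %t\n", leaksSecret(vulnerableHandler, secret))
	fmt.Printf("secureHandler leaks the token:     %t\n", leaksSecret(secureHandler, secret))
}
```

Two caveats for reuse: log.SetOutput replaces the process-wide logger, so tests built on captureLog must not run in parallel with other tests that log; and the fingerprint is only safe for random, high-entropy tokens, since a truncated hash of a user-chosen password can be brute-forced offline from the log.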