Python Fastapi Sensitive Data Logging
Description
Detects when sensitive data from FastAPI requests (such as headers, cookies, or request bodies) is passed to Python's logging functions. Writing such values to log files exposes confidential information (session tokens, credentials, personal data) to anyone who can read the logs, compromising user privacy and security.
Detection Strategy
• Application code imports both FastAPI and Python's logging module
• Logging function calls (such as logging.info or logging.debug) are present in the code
• The logging calls receive FastAPI request data as arguments
• The request data being logged contains sensitive information (e.g. request.headers, request.cookies, request.body)
Vulnerable code example
from fastapi import FastAPI, Request
import logging
app = FastAPI()
logger = logging.getLogger(__name__)
@app.get("/login")
async def unsafe_login(request: Request):...
✅ Secure code example
from fastapi import FastAPI, Request
import logging
import hashlib
app = FastAPI()
logger = logging.getLogger(__name__)
@app.get("/login")...
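As an added example (not the page's own code and not part of the Fluid Attacks rule), a redaction layer that satisfies the detection strategy above: secret-bearing headers are masked and session cookies are replaced by a SHA-256 fingerprint (mirroring the hashlib import in the secure example), so a log line can still correlate requests without leaking credentials. The function names, the sensitive-name sets and the SAMPLE_* dicts are assumptions; the dicts stand in for a FastAPI Request's headers and cookies so the snippet runs without FastAPI installed.

```python
import hashlib
import logging
from collections.abc import Mapping

logger = logging.getLogger(__name__)

# Header names whose values must never reach a log file (lower-case for matching).
# Assumed list; extend it to match the auth scheme of your own application.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}
# Cookie names that carry session or token material (assumed list).
SENSITIVE_COOKIES = {"session", "sessionid", "access_token", "refresh_token"}


def fingerprint(value: str) -> str:
    """Short, non-reversible token: lets operators correlate log lines without storing the secret."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]


def redact_headers(headers: Mapping[str, str]) -> dict:
    """Copy of the request headers with secret-bearing values replaced by a marker."""
    return {
        name: "[REDACTED]" if name.lower() in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }


def redact_cookies(cookies: Mapping[str, str]) -> dict:
    """Copy of the request cookies where session/auth cookies become a fingerprint."""
    return {
        name: f"sha256:{fingerprint(value)}" if name.lower() in SENSITIVE_COOKIES else value
        for name, value in cookies.items()
    }


def log_request(method: str, path: str, headers: Mapping[str, str], cookies: Mapping[str, str]) -> dict:
    """Safe replacement for logger.info(request.headers): logs only the redacted view and returns it.
    In a FastAPI handler call it as log_request(request.method, request.url.path, request.headers, request.cookies)."""
    record = {"method": method, "path": path, "headers": redact_headers(headers), "cookies": redact_cookies(cookies)}
    logger.info("request %s %s headers=%s cookies=%s", method, path, record["headers"], record["cookies"])
    return record


# Constructed sample input standing in for request.headers / request.cookies.
SAMPLE_HEADERS = {"Host": "api.example.test", "Authorization": "Bearer eyJhbGciOi.example", "User-Agent": "curl/8.0"}
SAMPLE_COOKIES = {"session": "s3cr3t-session-value", "theme": "dark"}

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(log_request("GET", "/login", SAMPLE_HEADERS, SAMPLE_COOKIES))
```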