C Sharp Sensitive Information In Logs
Description
Detects when sensitive information is written to log files using C# logging frameworks (NLog). Writing sensitive data like passwords, credit cards, or tokens to logs creates security risks as log files are often accessible to multiple users and may be stored in unsecured locations.
Detection Strategy
• Application must use NLog and System.Web libraries
• Identifies calls to logging methods: Info, Trace, Debug, Warn, Error, or Fatal
• Checks if the logger instance is created from LogManager
• Analyzes the logging method arguments for sensitive data patterns (credentials, tokens, personal data)
• Reports a vulnerability when sensitive information is passed as parameters to any logging method
Vulnerable code example
using NLog;
public class SensitiveDataLogger
{
private static readonly Logger logger = LogManager.GetCurrentClassLogger();
public void ProcessSensitiveData(string password, string token)
{...✅ Secure code example
using NLog;
public class SensitiveDataLogger
{
private static readonly Logger logger = LogManager.GetCurrentClassLogger();
public void ProcessSensitiveData(string password, string token)
{...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.