Python Django Sensitive Data Logging
Description
Detects when sensitive data from Django applications (like user credentials or session data) is being logged, which could expose confidential information in log files. This creates a security risk if logs are compromised or improperly accessed, potentially leaking user data or authentication details.
Detection Strategy
• Check if both 'logging' and 'django' libraries are imported in the code
• Identify logging operations (like logging.info, logging.debug, etc.) in the code
• Look for sensitive Django data (user input, credentials, session data) being passed to logging operations
• Report a vulnerability when logging calls contain sensitive Django user data
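The four steps above, implemented as a small AST-based checker over a Python source string. This is an added illustration, not Fluid Attacks' rule engine; the sensitive key list, the request sources it recognises and the sample handler are assumptions constructed for the example.

```python
import ast

# Assumed lists for the example (not the rule's real configuration).
SENSITIVE_KEYS = {"password", "passwd", "secret", "token", "sessionid", "csrf"}
LOG_METHODS = {"debug", "info", "warning", "error", "critical", "exception"}
REQUEST_SOURCES = {"POST", "GET", "COOKIES", "session"}
# Constructed sample: the page's vulnerable handler, as a string to scan.
SAMPLE = """import logging
from django.http import HttpResponse
def vulnerable_login(request):
    password = request.POST.get('password')
    logging.info("Login attempt with password: %s", password)
    return HttpResponse("ok")
"""

def imports_logging_and_django(tree):
    """Step 1: both 'logging' and 'django' must be imported."""
    mods = set()
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            mods.update(a.name.split(".")[0] for a in n.names)
        elif isinstance(n, ast.ImportFrom) and n.module:
            mods.add(n.module.split(".")[0])
    return {"logging", "django"} <= mods

def tainted_names(tree):
    """Step 3: names bound from request.<POST|GET|...>.get('<sensitive key>')."""
    names = set()
    for n in ast.walk(tree):
        if not (isinstance(n, ast.Assign) and isinstance(n.value, ast.Call)):
            continue
        f = n.value.func
        if (isinstance(f, ast.Attribute) and f.attr == "get"
                and isinstance(f.value, ast.Attribute) and f.value.attr in REQUEST_SOURCES
                and n.value.args and isinstance(n.value.args[0], ast.Constant)
                and str(n.value.args[0].value).lower() in SENSITIVE_KEYS):
            names.update(t.id for t in n.targets if isinstance(t, ast.Name))
    return names

def find_sensitive_logging(source):
    """Steps 2 and 4: line numbers of log calls that receive tainted request data."""
    tree = ast.parse(source)
    if not imports_logging_and_django(tree):
        return []
    tainted = tainted_names(tree)
    hits = []
    for n in ast.walk(tree):
        # Matches logging.info(...) and logger.info(...) alike (attribute name only).
        if (isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                and n.func.attr in LOG_METHODS
                and any(isinstance(a, ast.Name) and a.id in tainted for a in n.args)):
            hits.append(n.lineno)
    return hits
```

Running `find_sensitive_logging(SAMPLE)` reports line 5 of the sample; a file that imports only `logging` yields nothing, because step 1 gates the rest.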
Vulnerable code example
    import logging
    from django.http import HttpResponse

    def vulnerable_login(request):
        password = request.POST.get('password')
        # VULNERABLE: Logging sensitive password in cleartext
        logging.info("Login attempt with password: %s", password)
        return HttpResponse("Login attempt recorded")

✅ Secure code example
    import logging
    import hashlib
    from django.http import HttpResponse

    def secure_login(request):
        password = request.POST.get('password')
        # SAFE: Only log hash of sensitive password data
        password_hash = hashlib.sha256(password.encode()).hexdigest()
        # Note: an unsalted hash of a weak password can still be guessed offline;
        # omitting every password-derived value from logs is the stronger choice.
        logging.info("Login attempt, password hash: %s", password_hash)
        return HttpResponse("Login attempt recorded")