Check if logging is enabled with loglevel DEBUG

Problem Statement: Generating huge DEBUG logs leading to application crash and being sent to Splunk.

Proposed Solution: I want to create a rule in SonarQube to check if DEBUG logs are enabled in my code before deploying. This rule should scan the possible application properties files and check if DEBUG logs are enabled. If debug logs are enabled, I won't allow the application to be deployed.

Please let me know if such a rule already exists in Sonar or how we can create this type of rule. I'm trying to implement this rule for a Java application.
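The pre-deployment check described in the question, as an added example that is not part of the original thread and not SonarQube code. It assumes Spring Boot conventions (`logging.level.<logger>=<LEVEL>` keys in `application*.properties`, the same keys nested or flattened in `application*.yml`, and `<root>`/`<logger>` elements with a `level` attribute in `logback*.xml`); the sample inputs at the bottom are constructed for the demonstration, and the file and profile names are assumptions.

```python
"""Pre-deployment gate: fail when any logger is configured at DEBUG/TRACE.

Added example (not from the thread or from SonarQube). Assumes Spring Boot
style configuration; see lead-in. Profile-specific files such as
application-dev.yml are skipped by default, since verbose logging in a dev
profile is usually intended. Everything else is scanned.
"""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

VERBOSE_LEVELS = {"DEBUG", "TRACE", "ALL"}
ALLOWED_PROFILES = ("dev", "local", "test")  # assumed profile names
PROPERTY_RE = re.compile(r"^\s*(logging\.level\.[\w.$-]+)\s*[=:]\s*(\S+)\s*$")


def scan_properties(text):
    """Return [(logger key, LEVEL, line_no)] for verbose levels in .properties text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "!")):  # .properties comment markers
            continue
        m = PROPERTY_RE.match(line)
        if m and m.group(2).upper() in VERBOSE_LEVELS:
            findings.append((m.group(1), m.group(2).upper(), no))
    return findings


def scan_yaml(text):
    """Same for the YAML subset Spring Boot configs use (nested `key:` blocks and
    `key: value` scalars). An indentation stack rebuilds the dotted key, so both
    `logging: level: root: DEBUG` and `logging.level.root: DEBUG` are caught."""
    findings, stack = [], []  # stack holds (indent, key) of enclosing blocks
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if line.strip() == "---":  # next YAML document (e.g. a profile section)
            stack.clear()
            continue
        key, sep, value = line.strip().partition(":")
        if not line.strip() or not sep:
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        value = value.strip().strip("\"'")
        dotted = ".".join(k for _, k in stack)
        if value and dotted.startswith("logging.level.") and value.upper() in VERBOSE_LEVELS:
            findings.append((dotted, value.upper(), no))
    return findings


def scan_logback(text):
    """Verbose <root level> / <logger level> elements in a logback XML config.
    ElementTree gives no line numbers, so the third field is None."""
    findings = []
    for elem in ET.fromstring(text).iter():
        if elem.tag in ("root", "logger"):
            level = (elem.get("level") or "").upper()
            if level in VERBOSE_LEVELS:
                findings.append((elem.get("name", "root"), level, None))
    return findings


def is_profile_file(path, allowed=ALLOWED_PROFILES):
    """application-<profile>.(properties|yml|yaml) for an allowed profile is skipped."""
    m = re.match(r"application-(\w+)\.(properties|ya?ml)$", Path(path).name)
    return bool(m) and m.group(1) in allowed


def scan_file(path):
    path = Path(path)
    if is_profile_file(path):
        return []
    text = path.read_text(encoding="utf-8")
    if path.suffix == ".properties":
        return scan_properties(text)
    if path.suffix in (".yml", ".yaml"):
        return scan_yaml(text)
    if path.suffix == ".xml" and path.name.startswith("logback"):
        return scan_logback(text)
    return []


def check_tree(root):
    """Scan a source tree; returns {relative path: findings} for offending files."""
    results = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix in (".properties", ".yml", ".yaml", ".xml"):
            hits = scan_file(p)
            if hits:
                results[str(p.relative_to(root))] = hits
    return results


# Constructed sample inputs (not real project files) for a stand-alone run.
SAMPLE_PROPERTIES = """\
# constructed sample
spring.application.name=demo
logging.level.root=INFO
logging.level.com.example.payments=DEBUG
logging.level.org.hibernate.SQL = trace
"""
SAMPLE_YAML = """\
logging:
  level:
    root: INFO
    com.example: DEBUG   # constructed: should be WARN before release
server:
  port: 8080
logging.level.org.springframework: TRACE
"""
SAMPLE_LOGBACK = """\
<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"/>
  <logger name="com.example.payments" level="debug"/>
  <root level="INFO"><appender-ref ref="STDOUT"/></root>
</configuration>
"""

if __name__ == "__main__":  # usage: python check_log_levels.py src/main/resources
    if len(sys.argv) > 1:
        bad = check_tree(sys.argv[1])
    else:  # no path given: show the scanners on the constructed samples
        bad = {"sample.properties": scan_properties(SAMPLE_PROPERTIES),
               "sample.yml": scan_yaml(SAMPLE_YAML),
               "logback-sample.xml": scan_logback(SAMPLE_LOGBACK)}
    for f, hits in bad.items():
        for logger, level, line in hits:
            print(f"{f}:{line or '?'}: {logger} is {level}")
    sys.exit(1 if bad else 0)  # non-zero exit blocks the deployment stage
```

Run it against `src/main/resources` as a CI step before the deploy job; a non-zero exit blocks the pipeline. The YAML walker only handles the flat and nested mapping forms that Spring Boot configs normally use, and profile sections inside a multi-document YAML file (after `---`) are still scanned, so a `DEBUG` level under a `dev` section in `application.yml` is reported; move such overrides to `application-dev.yml` or extend `is_profile_file` if that is the intended layout.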

Hi @rkrao,

We have the security hotspot rule S4792 “Configuring loggers is security-sensitive”, which more or less matches your use case. It does not specifically detect debug mode for loggers, but any configuration of loggers. The goal of Security Hotspots is to guide developers during code review.

You might also be interested in S4507 “Delivering code in production with debug features activated is security-sensitive”

It is not possible to know if the code is used in production or not. This requires a code review, which is why these rules are security hotspots and not vulnerabilities.

Note that using DEBUG mode for logs is only one of many vulnerabilities possible with logs. More information is available in the rule description.

Does this answer your question?

Cheers,
Nicolas