SonarQube Vulnerability for Custom data in logging using log4net

GPriyanka · July 31, 2024, 11:51am

The sonarQube scan is throwing vulnerabilities for Logging custom data using log4net recommending to modify the method to not log user controller data. What could be the best approach to handle this vulnerability?

ganncamp · August 1, 2024, 12:12pm

Hi,

I’ll ask the dumb question: why not just stop logging the data?

Ann

Topic		Replies	Views
Can SonarQube detect code that used the Log4J2 in a way that is vulnerable? SonarQube Server / Community Build security , sast	3	4289	January 11, 2022
Change this code to not log user-controlled data SonarQube Server / Community Build bump	4	3826	September 29, 2023
Sonarcloud and log4j vulnerability SonarQube Cloud sonarqube-cloud	5	1946	December 13, 2021
SonarQube (CE 10.3.0) leaking encrypted values in web server logs SonarQube Server / Community Build sonarqube , security , logging , encryption	6	1390	June 17, 2024
How to solve below Security Hotspot Error raised for logging? SonarQube Server / Community Build	1	134	July 25, 2024

SonarQube Vulnerability for Custom data in logging using log4net

Related topics