mobsf.mobsfscan.android.logging.android_logging
MobSFAuthor
unknown
Download Count*
License
The App logs information. Please ensure that sensitive information is never logged.
Run Locally
Run in CI
Defintion
rules:
- id: android_logging
patterns:
- pattern-not: System.out.print();
- pattern-not: System.out.println();
- pattern-not: System.err.print();
- pattern-not: System.err.println();
- pattern-not: Log.$D("...", "...", ...);
- pattern-not: Log.$D($T, "...", ...);
- pattern-not: System.out.print("...");
- pattern-not: System.out.println("...");
- pattern-not: System.err.print("...");
- pattern-not: System.err.println("...");
- pattern-either:
- pattern: |
Log.$D($T, $X + "...", ...);
- pattern: |
Log.$D($T, "..." + $X + "...", ...);
- pattern: |
Log.$D($T, "..." + $X, ...);
- pattern: |
$Y = $Z;
...
Log.$D($T,<... $Y ...>, ...);
- pattern: |
System.out.print(...);
- pattern: |
System.err.print(...);
- pattern: |
System.out.println(...);
- pattern: |
System.err.println(...);
message: The App logs information. Please ensure that sensitive information is
never logged.
languages:
- java
severity: INFO
metadata:
cwe: cwe-532
owasp-mobile: m1
masvs: storage-3
reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
license: LGPL-3.0-or-later
vulnerability_class:
- Other
Short Link: https://sg.run/6pQo