Sensitive Information Leak High

Sensitive information should not be exposed through log files or stack traces. Ensure that sensitive information is redacted and that logging is used only in debug mode with test data.

Detector ID
csharp/sensitive-information-leak@v1.0
Category
Common Weakness Enumeration (CWE) external icon
Tags
-

Noncompliant example

1public void SensitiveInformationLeakNoncompliant()
2{
3    string url = "http://api.example.com";
4    string apiKey = "YOUR_API_KEY";
5    using (HttpClient client = new HttpClient())
6    {
7        // Noncompliant: Send sensitive data over HTTP connection
8        HttpResponseMessage response = client.GetAsync(url + "?api_key=" + apiKey).Result;
9    }
10}

Compliant example

1public void SensitiveInformationLeakCompliant()
2{
3    string url = "http://api.example.com";
4    string apiKey = "YOUR_API_KEY";
5    using (HttpClient client = new HttpClient())
6    {
7        // Noncompliant: Do not send sensitive data over HTTP connection
8        HttpResponseMessage response = client.GetAsync(url).Result;
9    }
10}