Sensitive information should not be exposed through log files or stack traces. Ensure that sensitive information is redacted and that logging is used only in debug mode with test data.
1public void processResponseNoncompliant(Map<String, String> response) {
2 // Noncompliant: logs sensitive data without redaction resulting in a possible sensitive information leak.
3 final String name = response.get("Name");
4 String redacted = RedactionUtil.redact(name);
5 log.info(name);
6}
1public void processResponseCompliant(Map<String, String> response) {
2 final String name = response.get("Name");
3 String redacted = RedactionUtil.redact(name);
4 // Compliant: sensitive data is passed through redaction before logging, preventing possible sensitive information leak.
5 log.info(redacted);
6}