Info Leakage: Throwable.printStackTrace leaks valuable program structure information
Printing a stack trace gives valuable information about software internals, including library/framework names and versions, to an attacker
- warning
- java
- security
- framework specific
- logging
- Logger
Prevent CRLF injection in SLF4J
Encode untrusted data to protect the log files from CRLF injection
- marked_information
- java
- security
- SLF4J
- framework specific
- logging
- injection
Prevent CRLF injection in SLF4J using the Logstash Logback Encoder
Encode untrusted data to protect the log files from CRLF injection
- marked_information
- java
- security
- SLF4J
- framework specific
- logging
- injection
SLF4J Logging: enforce usage of placeholders in the messages
Do not concatenate untrusted data into the message string; use placeholders ('{}') instead
- marked_information
- java
- security
- logging
- injection
- OWASP Top 10
- SLF4J
- framework specific
SLF4J Logging: Logger modifiers
The logger should be a private static final field
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Naming convention: Reserved logger name
The name "logger" should be reserved for the SLF4J logger instance. Use Refactor Rename (Shift+F6) to rename this variable.
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Naming convention: Standardise logger name
The SLF4J logger instance should be named "logger". Use Refactor Rename (Shift+F6) to rename this variable.
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Print Exceptions using SLF4J instead
Standardise on SLF4J by replacing this call
- marked_information
- java
- security
- SLF4J
- framework specific
- logging
SLF4J Logging: Replace java.util.logging with SLF4J (Debug)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Error)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Info)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Debug)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Error)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Debug)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Error)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Info)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Trace)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Exception Warning)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Info)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Debug)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Error)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Info)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Trace)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Object Warning)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality
SLF4J Logging: Replace java.util.logging with SLF4J (Log Trace)
Standardise on SLF4J by replacing this call
- marked_information
- java
- SLF4J
- framework specific
- logging
- quality