rspec/rules/S1148/java/rule.adoc

``++Throwable.printStackTrace(...)++`` prints a ``++Throwable++`` and its stack trace to some stream. By default that stream ``++System.Err++``, which could inadvertently expose sensitive information.


Loggers should be used instead to print ``++Throwable++``s, as they have many advantages:

* Users are able to easily retrieve the logs.
* The format of log messages is uniform and allow users to browse the logs easily.

This rule raises an issue when ``++printStackTrace++`` is used without arguments, i.e. when the stack trace is printed to the default stream.


== Noncompliant Code Example

----
try {
  /* ... */
} catch(Exception e) {
  e.printStackTrace();        // Noncompliant
}
----


== Compliant Solution

----
try {
  /* ... */
} catch(Exception e) {
  LOGGER.log("context", e);
}
----


== See

* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* http://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Leftover Debug Code


ifdef::env-github,rspecator-view[]
'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			``++Throwable.printStackTrace(...)++`` prints a ``++Throwable++`` and its stack trace to some stream. By default that stream ``++System.Err++``, which could inadvertently expose sensitive information.


			Loggers should be used instead to print ``++Throwable++``s, as they have many advantages:

			`* Users are able to easily retrieve the logs.`
			`* The format of log messages is uniform and allow users to browse the logs easily.`

			This rule raises an issue when ``++printStackTrace++`` is used without arguments, i.e. when the stack trace is printed to the default stream.

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Noncompliant Code Example`

			`----`
			`try {`
			`/* ... */`
			`} catch(Exception e) {`
			`e.printStackTrace(); // Noncompliant`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Compliant Solution`

			`----`
			`try {`
			`/* ... */`
			`} catch(Exception e) {`
			`LOGGER.log("context", e);`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== See`

			`* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure`
			`* http://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Leftover Debug Code`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`