``++Throwable.printStackTrace(...)++`` prints a ``++Throwable++`` and its stack trace to some stream. By default that stream ``++System.Err++``, which could inadvertently expose sensitive information.


Loggers should be used instead to print ``++Throwable++``s, as they have many advantages:

* Users are able to easily retrieve the logs.
* The format of log messages is uniform and allow users to browse the logs easily.

This rule raises an issue when ``++printStackTrace++`` is used without arguments, i.e. when the stack trace is printed to the default stream.


== Noncompliant Code Example

----
try {
  /* ... */
} catch(Exception e) {
  e.printStackTrace();        // Noncompliant
}
----


== Compliant Solution

----
try {
  /* ... */
} catch(Exception e) {
  LOGGER.log("context", e);
}
----


== See

* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* http://cwe.mitre.org/data/definitions/489.html[MITRE, CWE-489] - Leftover Debug Code