include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

``++Throwable.printStackTrace(...)++`` prints a Throwable and its stack trace to ``++System.Err++`` (by default) which is not easily parseable and can expose sensitive information:

[source,java]
----
try {
  /* ... */
} catch(Exception e) {
  e.printStackTrace(); // Sensitive 
}
----

https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.html[EnableWebSecurity] annotation for SpringFramework with ``++debug++`` to ``++true++`` enables debugging support:

[source,java]
----
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity(debug = true) // Sensitive 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  // ...
}
----

https://developer.android.com/reference/android/webkit/WebView#setWebContentsDebuggingEnabled(boolean)[WebView.setWebContentsDebuggingEnabled(true)] for Android enables debugging support:

[source,java]
----
import android.webkit.WebView;

WebView.setWebContentsDebuggingEnabled(true); // Sensitive
WebView.getFactory().getStatics().setWebContentsDebuggingEnabled(true); // Sensitive
----

== Compliant Solution

Loggers should be used (instead of  ``++printStackTrace++``) to print throwables:

[source,java]
----
try {
  /* ... */
} catch(Exception e) {
  LOGGER.log("context", e);
}
----

https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.html[EnableWebSecurity] annotation for SpringFramework with ``++debug++`` to ``++false++`` disables debugging support:

[source,java]
----
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity(debug = false)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  // ...
}
----

https://developer.android.com/reference/android/webkit/WebView#setWebContentsDebuggingEnabled(boolean)[WebView.setWebContentsDebuggingEnabled(false)] for Android disables debugging support:
[source,java]
----
import android.webkit.WebView;

WebView.setWebContentsDebuggingEnabled(false);
WebView.getFactory().getStatics().setWebContentsDebuggingEnabled(false);
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

=== Highlighting

debug = true

printStackTrace


'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]