``++Throwable.printStackTrace(...)++`` prints a ``++Throwable++`` and its stack trace to some stream. By default that stream ``++System.Err++``, which could inadvertently expose sensitive information.


Loggers should be used instead to print ``++Throwable++``s, as they have many advantages:

* Users are able to easily retrieve the logs.
* The format of log messages is uniform and allow users to browse the logs easily.

This rule raises an issue when ``++printStackTrace++`` is used without arguments, i.e. when the stack trace is printed to the default stream.


== Noncompliant Code Example

[source,java]
----
try {
  /* ... */
} catch(Exception e) {
  e.printStackTrace();        // Noncompliant
}
----


== Compliant Solution

[source,java]
----
try {
  /* ... */
} catch(Exception e) {
  LOGGER.log("context", e);
}
----


== See

* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

include::highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]