rspec/rules/S106/java/rule.adoc

:language_std_outputs: System.out, System.err

== Why is this an issue?

include::../description.adoc[]

=== Code examples

The following noncompliant code:

[source,java,diff-id=1,diff-type=noncompliant]
----
class MyClass {
  public void doSomething() {
    System.out.println("My Message");  // Noncompliant, output directly to System.out without a logger
  }
}
----

Could be replaced by:

[source,java,diff-id=1,diff-type=compliant]
----
import java.util.logging.Logger;

class MyClass {

  Logger logger = Logger.getLogger(getClass().getName());

  public void doSomething() {
    // ...
    logger.info("My Message");  // Compliant, output via logger
    // ...
  }
}
----

== Resources

=== Documentation

* https://docs.oracle.com/javase/7/docs/api/java/util/logging/Logger.html[Java SE 7 API Specification: java.util.logging.Logger]
* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures]
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
* https://wiki.sei.cmu.edu/confluence/x/nzdGBQ[CERT, ERR02-J.] - Prevent exceptions while logging data

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]