CWE-222: Truncation of Security-relevant Information

Learn about CWE-222 (Truncation of Security-relevant Information), its security impact, exploitation methods, and prevention guidelines.

What is Truncation of Security-relevant Information?

• Overview: This vulnerability occurs when a software system truncates important security information. This can happen during display, recording, or processing stages, potentially hiding details about security events such as attacks, making it harder to detect and respond to them.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by triggering security events that are partially or completely hidden due to truncation, allowing them to evade detection.
  • Common attack patterns include overwhelming logging systems with excessive data to force truncation, or crafting specific inputs that ensure important parts of the information are cut off.

• Security Impact:

  • Direct consequences include the inability to see the full details of an attack, which can prevent proper analysis and response.
  • Potential cascading effects include misdiagnosis of security incidents, leading to inadequate mitigation strategies and further vulnerabilities.
  • Business impact may involve increased risk of undetected breaches, loss of sensitive data, and non-compliance with security standards or regulations.

• Prevention Guidelines:

  • Specific code-level fixes include ensuring that all security-relevant information is logged or processed in full, possibly by increasing buffer sizes or using data structures that can handle large inputs.
  • Security best practices involve regular auditing of logging and processing mechanisms to ensure they handle and record all necessary information without truncation.
  • Recommended tools and frameworks include logging libraries that handle large records without silently shortening them and preserve the complete entry, such as SLF4J for Java or the standard logging module in Python.
Corgea can automatically detect and fix Truncation of Security-relevant Information in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

import logging

# Setup a basic logger
logging.basicConfig(filename='app.log', level=logging.INFO)

def log_user_action(user_id, action):
    # Vulnerable code: truncates important information
    # If user_id or action is too long, information might be lost
    log_entry = f"User:{user_id[:10]}, Action:{action[:20]}"
    logging.info(log_entry)

# Example usage
log_user_action('123456789012345', 'Attempted unauthorized access to secure endpoint')

Explanation:

  • This code sets up a basic logging service that records user actions.
  • The log_user_action function truncates the user_id to 10 characters and action to 20 characters.
  • This truncation can obscure important details about who performed the action and what exactly was attempted, especially in the context of security-relevant actions.

How to fix Truncation of Security-relevant Information?

To fix this vulnerability:

  1. Avoid Truncation: Ensure that security-relevant information is not truncated. Log full details to maintain the integrity of log records.
  2. Structured Logging: Use structured logging to capture detailed information that can be parsed and analyzed effectively.
  3. Data Sanitization: Ensure data is sanitized and validated to prevent log injection attacks.
  4. Log Size Management: Use log rotation and management strategies to handle large volumes of data without truncating important information.

Fixed Code Example

import logging
from logging.handlers import RotatingFileHandler

# Setup a structured logger with rotation to manage log size
handler = RotatingFileHandler('app.log', maxBytes=5000000, backupCount=5)
logging.basicConfig(handlers=[handler], level=logging.INFO, format='%(asctime)s - %(message)s')

def log_user_action(user_id, action):
    # Fixed code: logs full information without truncation
    # Structured log format for better parsing and searchability
    log_entry = f"UserID:{user_id}, Action:{action}"
    logging.info(log_entry)

# Example usage
log_user_action('123456789012345', 'Attempted unauthorized access to secure endpoint')

Explanation:

  • Avoid Truncation: The log_user_action function now logs the full user_id and action without truncation, preserving all relevant data.
  • Structured Logging: The logger is configured with a consistent, timestamped format, making entries easier to search and parse.
  • Log Rotation: A RotatingFileHandler is used to manage log file sizes, preventing truncation due to space limitations.
  • This approach ensures that all security-relevant information is preserved and can be reviewed effectively in the event of a security incident.
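Added example, not part of the Corgea page or its product: it puts all four fix steps into one small module, a JSON-lines record builder that keeps every field whole, a sanitizer that escapes control characters instead of cutting data off (so log injection cannot forge a second line), a parser to verify round-trip, and a rotating handler. The function names, the 'security.log' path and the sample inputs are assumptions.

```python
import json
import logging
from logging.handlers import RotatingFileHandler

# Added example (not Corgea's code): a JSON-lines security logger that keeps
# every field whole, escapes control characters instead of cutting data off,
# and can be parsed back to confirm nothing was lost.

def sanitize(value: str) -> str:
    # Neutralise CR/LF and other control characters so a value cannot forge
    # a second log line, without dropping any of the original content.
    out = []
    for ch in value:
        code = ord(ch)
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif code < 0x20 or code == 0x7F:
            out.append(f"\\x{code:02x}")
        else:
            out.append(ch)
    return "".join(out)

def build_record(user_id: str, action: str, outcome: str) -> str:
    # One event per JSON line; json.dumps escapes quotes, so the line stays
    # parseable no matter how long or odd the input is. action_len records the
    # original length so downstream shortening (e.g. a SIEM field limit) is visible.
    record = {
        "event": "user_action",
        "user_id": sanitize(user_id),
        "action": sanitize(action),
        "outcome": sanitize(outcome),
        "action_len": len(action),
    }
    return json.dumps(record, ensure_ascii=True)

def parse_record(line: str) -> dict:
    return json.loads(line)

def make_logger(path: str = "security.log") -> logging.Logger:
    # Rotation bounds the file; old lines move to backups instead of being cut.
    logger = logging.getLogger("security")
    logger.setLevel(logging.INFO)
    if not logger.handlers:
        handler = RotatingFileHandler(path, maxBytes=5_000_000, backupCount=5, delay=True)
        handler.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
        logger.addHandler(handler)
    return logger
```

Usage: `make_logger().info(build_record("123456789012345", "Attempted unauthorized access to secure endpoint", "denied"))` writes one complete, parseable line; reading it back with `parse_record` returns the untruncated fields.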