[{"number":1,"created_at":"2026-03-30T17:59:26Z","updated_at":"2026-03-30T17:59:26Z","url":"https://api.github.com/repos/greenticai/greentic-start/code-scanning/alerts/1","html_url":"https://github.com/greenticai/greentic-start/security/code-scanning/1","state":"open","fixed_at":null,"dismissed_by":null,"dismissed_at":null,"dismissed_reason":null,"dismissed_comment":null,"rule":{"id":"rust/cleartext-logging","severity":"warning","description":"Cleartext logging of sensitive information","name":"rust/cleartext-logging","tags":["external/cwe/cwe-312","external/cwe/cwe-359","external/cwe/cwe-532","security"],"full_description":"Logging sensitive information in plaintext can expose it to an attacker.","help":"# Cleartext logging of sensitive information\nSensitive user data and system information that is logged could be exposed to an attacker when it is displayed. Also, external processes often store the standard output and standard error streams of an application, which will include logged sensitive information.\n\n\n## Recommendation\nDo not log sensitive data. If it is necessary to log sensitive data, encrypt it before logging.\n\n\n## Example\nThe following example code logs user credentials (in this case, their password) in plaintext:\n\n\n```rust\nlet password = \"P@ssw0rd\";\ninfo!(\"User password changed to {password}\");\n\n```\nInstead, you should encrypt the credentials, or better still, omit them entirely:\n\n\n```rust\nlet password = \"P@ssw0rd\";\ninfo!(\"User password changed\");\n\n```\n\n## References\n* M. Dowd, J. McDonald and J. Schuh, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. 
Microsoft, 2002.\n* OWASP: [Logging Cheat Sheet - Data to exclude](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html#data-to-exclude).\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n* Common Weakness Enumeration: [CWE-359](https://cwe.mitre.org/data/definitions/359.html).\n* Common Weakness Enumeration: [CWE-532](https://cwe.mitre.org/data/definitions/532.html).\n","security_severity_level":"high"},"tool":{"name":"CodeQL","guid":null,"version":"2.25.1"},"most_recent_instance":{"ref":"refs/heads/main","analysis_key":".github/workflows/codeql.yml:analyze","environment":"{}","category":".github/workflows/codeql.yml:analyze","state":"open","commit_sha":"a00bc9e55a15255d546ee5dfbdc51711dbfc71e3","message":{"text":"This operation writes secret_keys to a log file.\nThis operation writes secret_keys to a log file.\nThis operation writes secret_keys to a log file.\nThis operation writes read_secret_requirements(...) to a log file.\nThis operation writes canonical_secret_name(...) to a log file.\nThis operation writes load_secret_keys_from_pack(...) to a log file."},"location":{"path":"src/secret_name.rs","start_line":15,"end_line":15,"start_column":9,"end_column":18},"classifications":[]},"instances_url":"https://api.github.com/repos/greenticai/greentic-start/code-scanning/alerts/1/instances","dismissal_approved_by":null,"assignees":[]}]