返回 Skill 列表
extension
分类: 开发与工程无需 API Key

cwe-359-privacy-violation

在需要修复Java代码中的CWE-359(隐私泄露)漏洞时使用此技能。触发于静态应用安全测试结果、安全审查或修复隐私泄露问题时。

person作者: jakexiaohubgithub

CWE-359 Privacy Violation

Description

Privacy Violation

Reference: https://cwe.mitre.org/data/definitions/359.html

OWASP Category: A02:2021 – Cryptographic Failures


Vulnerable Pattern

❌ Example 1: Vulnerable Pattern

// VULNERABLE: PII exposed in logs
log.info("User login: " + user.getEmail() + ", SSN: " + user.getSsn());

// VULNERABLE: PII in API response
return new UserResponse(user.getName(), user.getSsn(), user.getAddress());

Why it's vulnerable: This pattern is vulnerable to Privacy Violation


Deterministic Fix

✅ Secure Implementation: Secure Implementation

// SECURE: Mask PII in logs
log.info("User login: {}", maskEmail(user.getEmail()));

// SECURE: Only expose necessary data, mask sensitive fields
public UserResponse toResponse(User user) {
    return UserResponse.builder()
        .name(user.getName())
        .email(maskEmail(user.getEmail()))
        .ssnLast4(user.getSsn().substring(user.getSsn().length() - 4))
        .build();
}

private String maskEmail(String email) {
    int at = email.indexOf('@');
    return email.charAt(0) + "***" + email.substring(at);
}

Why it's secure: Implements proper protection against Privacy Violation


Detection Pattern

Look for these patterns in your codebase:

# Find PII in logs
grep -rn "log.*ssn\\|log.*email\\|log.*password" --include="*.java"

Remediation Steps

  1. Identify all PII fields (SSN, email, address, etc.)

  2. Mask PII in logs

  3. Return minimal data in API responses

  4. Implement data minimization principles


Key Imports


Verification

After remediation:

  • Run SAST scanner to confirm vulnerability is resolved

  • Review all instances of the vulnerable pattern

  • Add unit tests that verify the secure implementation

  • Check for similar patterns in related code


Trigger Examples

Fix CWE-359 vulnerability
Resolve Privacy Violation issue
Secure this Java code against privacy violation
SAST reports CWE-359

Common Vulnerable Locations

| Layer | Files | Patterns | |-------|-------|----------|

| Controller | *Controller.java | User input handling |

| Service | *Service.java | Business logic |

| Repository | *Repository.java | Data access |


References


Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07