pyscg 06_logging, updated titles as part of #1017

docs/Secure-Coding-Guide-for-Python/01_introduction/pyscg-0041/README.md

@@ -157,7 +157,7 @@ if __name__ == "__main__":
     unittest.main()
 ```
 
-The `compliant01.py` code avoids using password based authentication in the first place. It prints connection information only for convenience here and should not be considered in a real world implementation as per [pyscg-0019: Insertion of Sensitive Information into Log File](../../06_logging/pyscg-0019/README.md) \[OSSF 2025\].
+The `compliant01.py` code avoids using password based authentication in the first place. It prints connection information only for convenience here and should not be considered in a real world implementation as per [pyscg-0019: Exclude Sensitive Data From Logs](../../06_logging/pyscg-0019/README.md) \[OSSF 2025\].
 
 ## Automated Detection
 

docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0009/README.md

@@ -29,8 +29,8 @@ Following table 00 provides a limited list of Unix shell commands to Python modu
 
 Any variation of using input from a lesser trusted source as part of a command line program has a very high probability of resulting in a potential attack including the use of specialized modules. Consider:
 
-* *[pyscg-0047: Use Allows Lists Over Deny Lists](../../04_neutralization/pyscg-0047/README.md)*
-* *[pyscg-0050: Generation of Error Message Containing Sensitive Information](../../06_logging/pyscg-0050/README.md)*
+* *[pyscg-0047: Incomplete List of Disallowed Input](../../04_neutralization/pyscg-0047/README.md)*
+* *[pyscg-0050: Sanitize Error Output to Prevent Information Disclosure](../../06_logging/pyscg-0050/README.md)*
 * *[pyscg-0040: Use Process Isolation for Trust Zones](../../01_introduction/pyscg-0040/README.md)*
 
 ## Non-Compliant Code Example (Read Only)

docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0012/README.md

@@ -325,7 +325,7 @@ The `compliant01.py` code will extract everything below the provided `base_path`
     </tr>
     <tr>
         <td>Secure Coding in Python</td>
-        <td>Base: <a href="../../06_logging/pyscg-0050/README.md">pyscg-0050: Generation of Error Message Containing Sensitive Information</a></td>
+        <td>Base: <a href="../../06_logging/pyscg-0050/README.md">pyscg-0050: Sanitize Error Output to Prevent Information Disclosure</a></td>
     </tr>
     <tr>
         <td><a href="https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java">[SEI CERT Oracle Coding Standard for Java]</a></td>

docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0019/README.md

@@ -1,6 +1,6 @@
-# pyscg-0019: Insertion of Sensitive Information into Log File
+# pyscg-0019: Exclude Sensitive Data From Logs
 
-Do not log any sensitive information such as passwords or credit card numbers. Encrypt or anonymize personal information such as user names, and date of birth in plain text.
+Do not log any sensitive information such as passwords or credit card numbers. Encrypt or anonymize personal information such as user names and date of birth.
 
 Logging is crucial for tasks like debugging, forensic analysis, and the general management of various incidents, however, it poses significant challenges when it comes to personal information and sensitive information.
 

docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0020/README.md

@@ -1,6 +1,6 @@
-# pyscg-0020: Insufficient Logging
+# pyscg-0020: Implement Informative Event Logging
 
-Ensure you have sufficient logging in order to adequately record important events within an application and/or system.
+Log security events such as authentication attempts, authorization failures, and data access to support incident response.
 
 Without comprehensive and sufficient logging, it becomes challenging to identify and respond to security incidents, leading to delayed and/or inefficient incident response efforts.
 

docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0021/README.md

@@ -1,4 +1,4 @@
-# pyscg-0021: Active Debug Code
+# pyscg-0021: Exclude Developer Tools From the Final Product
 
 Keep design tooling in separate packages from the actual product and supply useful logging.
 
@@ -39,7 +39,7 @@ Not knowing that a product must be deployed differently in production than in st
 |[MITRE CWE](http://cwe.mitre.org/)|Pillar: [CWE-710: Improper Adherence to Coding Standards (4.13) (mitre.org)](https://cwe.mitre.org/data/definitions/710.html)|
 |[MITRE CWE](http://cwe.mitre.org/)|Base: [CWE-489: Active Debug Code (4.13) (mitre.org)](https://cwe.mitre.org/data/definitions/489.html)|
 |[SEI CERT Coding Standard for Java](https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java)|[ENV05-J. Do not deploy an application that can be remotely monitored](https://wiki.sei.cmu.edu/confluence/display/java/ENV05-J.+Do+not+deploy+an+application+that+can+be+remotely+monitored)|
-|[Python - Secure Coding One Stop Shop](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Secure-Coding-Guide-for-Python/)|[pyscg-0019: Insertion of Sensitive Information into Log File](../pyscg-0019/README.md)|
+|[Python - Secure Coding One Stop Shop](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Secure-Coding-Guide-for-Python/)|[pyscg-0019: Exclude Sensitive Data From Logs](../pyscg-0019/README.md)|
 
 ## Bibliography
 

docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0022/README.md

@@ -1,4 +1,4 @@
-# pyscg-0022: Improper Output Neutralization for Logs
+# pyscg-0022: Neutralize Untrusted Data in Logs
 
 Ensure all untrusted data is properly neutralized or sanitized before writing to application logs.
 

docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0050/README.md

@@ -1,7 +1,7 @@
-# pyscg-0050: Generation of Error Message Containing Sensitive Information
+# pyscg-0050: Sanitize Error Output to Prevent Information Disclosure
 
 Prevent an attacker from discovering internal or sensitive system information by filtering, splitting and applying brute force prevention tactics when displaying error messages to a user.
-This rule is closely related to [pyscg-0019: Insertion of Sensitive Information into Log File](../pyscg-0019/README.md).
+This rule is closely related to [pyscg-0019: Exclude Sensitive Data From Logs](../pyscg-0019/README.md).
 
 Ensure that detailed troubleshooting and security sensitive error information can only reach authorized personnel while avoiding overload from brute force attacks.
 
@@ -99,7 +99,7 @@ class FileReader:
             fh.readlines()
         except OSError as e:
             # TODO: log the original exception
-            # For more details, check CWE-693/CWE-778: Insufficient Logging
+            # For more details, check pyscg-0020: Implement Informative Event Logging
 
             # Throw a generic exception instead
             sys.tracebacklimit = 0
@@ -183,7 +183,7 @@ Details on other best practices are only mentioned as a TODO comment such as:
 * Rules related to logging ([pyscg-0022: Improper Output Neutralization for Logs](../pyscg-0022/README.md), [pyscg-0019: Insertion of Sensitive Information into Log File](../pyscg-0019/README.md))
 * File access, log access control
 * Log level, log format in accordance with [rfc5424](https://www.rfc-editor.org/rfc/rfc5424)
-* [pyscg-0020: Insufficient Logging](../pyscg-0020/README.md)
+* [pyscg-0020: Implement Informative Event Logging](../pyscg-0020/README.md)
 
 Useful internal logging must be resilient against brute force attacks currently not covered in `compliant01.py`.
 
@@ -227,10 +227,10 @@ def file_reader(args: list):
         logging.exception("ERROR %s", error_id)
 
         # TODO: handle the exception in accordance with
-        # - CWE-390: Detection of Error Condition without Action
+        # - pyscg-0016: Propagate Exceptions and Preserve Context
         # TODO: log the error with a unique error_id and apply:
-        # - CWE-117: Improper Output Neutralization for Logs
-        # - CWE-532: Insertion of Sensitive Information into Log File
+        # - pyscg-0022: Neutralize Untrusted Data in Logs
+        # - pyscg-0019: Exclude Sensitive Data From Logs
 
         # Present a simplified error to the client
         print("\n***** Frontend 'client' error: *****")

docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0050/compliant01.py

@@ -35,10 +35,10 @@ def file_reader(args: list):
         logging.exception("ERROR %s", error_id)
 
         # TODO: handle the exception in accordance with
-        # - CWE-390: Detection of Error Condition without Action
+        # - pyscg-0016: Propagate Exceptions and Preserve Context
         # TODO: log the error with a unique error_id and apply:
-        # - CWE-117: Improper Output Neutralization for Logs
-        # - CWE-532: Insertion of Sensitive Information into Log File
+        # - pyscg-0022: Neutralize Untrusted Data in Logs
+        # - pyscg-0019: Exclude Sensitive Data From Logs
 
         # Present a simplified error to the client
         print("\n***** Frontend 'client' error: *****")

docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0050/noncompliant02.py

@@ -15,7 +15,7 @@ def __init__(self, args: list):
             fh.readlines()
         except OSError as e:
             # TODO: log the original exception
-            # For more details, check CWE-693/CWE-778: Insufficient Logging
+            # For more details, check pyscg-0020: Implement Informative Event Logging
 
             # Throw a generic exception instead
             sys.tracebacklimit = 0

docs/Secure-Coding-Guide-for-Python/readme.md

@@ -245,31 +245,31 @@ It is __not production code__ and requires code-style or python best practices t
 </tr>
 
 <tr>
-<td><a href="06_logging/pyscg-0019/README.md">pyscg-0019: Insertion of Sensitive Information into Log File</a></td>
+<td><a href="06_logging/pyscg-0019/README.md">pyscg-0019: Exclude Sensitive Data From Logs</a></td>
 <td><a href="https://www.cvedetails.com/cve/CVE-2023-45585">CVE-2023-45585</a>,<br>CVSSv3.1: <strong>9.8</strong>,<br>EPSS: <strong>0.04</strong> (01.11.2024)</td>
 <td><a href="https://cwe.mitre.org/data/definitions/532.html">CWE-532</a></td>
 </tr>
 
 <tr>
-<td><a href="06_logging/pyscg-0020/README.md">pyscg-0020: Insufficient Logging</a></td>
+<td><a href="06_logging/pyscg-0020/README.md">pyscg-0020: Implement Informative Event Logging</a></td>
 <td></td>
 <td><a href="https://cwe.mitre.org/data/definitions/778.html">CWE-778</a></td>
 </tr>
 
 <tr>
-<td><a href="06_logging/pyscg-0021/README.md">pyscg-0021: Active Debug Code</a></td>
+<td><a href="06_logging/pyscg-0021/README.md">pyscg-0021: Exclude Developer Tools From the Final Product</a></td>
 <td><a href="https://www.cvedetails.com/cve/CVE-2018-14649">CVE-2018-14649</a>,<br>CVSSv3.1: <strong style='color:red'>9.8</strong>,<br>EPSS: <strong>69.64</strong> (12.12.2023)</td>
 <td><a href="https://cwe.mitre.org/data/definitions/489.html">CWE-489</a></td>
 </tr>
 
 <tr>
-<td><a href="06_logging/pyscg-0022/README.md">pyscg-0022: Improper Output Neutralization for Logs</a></td>
+<td><a href="06_logging/pyscg-0022/README.md">pyscg-0022: Neutralize Untrusted Data in Logs</a></td>
 <td></td>
 <td><a href="https://cwe.mitre.org/data/definitions/117.html">CWE-117</a></td>
 </tr>
 
 <tr>
-<td><a href="06_logging/pyscg-0050/README.md">pyscg-0050: Generation of Error Message Containing Sensitive Information</a></td>
+<td><a href="06_logging/pyscg-0050/README.md">pyscg-0050: Sanitize Error Output to Prevent Information Disclosure</a></td>
 <td></td>
 <td><a href="https://cwe.mitre.org/data/definitions/209.html">CWE-209</a></td>
 </tr>