Fix Insufficient Logging & Monitoring in Rocket
In the Rocket ecosystem, relying on default stdout is a recipe for disaster. Insufficient Logging & Monitoring (OWASP A09:2021) allows attackers to maintain persistence and escalate privileges without detection. To secure a Rocket app, you must implement structured logging that captures security-relevant events (authentication failures, authorization bypass attempts, and input validation errors) with enough context (client IP, request ID, user agent) to build a forensic timeline.
The Vulnerable Pattern
```rust
use rocket::form::Form;
use rocket::response::{Flash, Redirect};
use rocket::{post, FromForm};

// `LoginForm` is a placeholder name: the form type was lost in the original
// listing. `db::find_user` and `verify_pw` are the app's own helpers.
#[derive(FromForm)]
struct LoginForm {
    username: String,
    password: String,
}

#[post("/login", data = "<auth_form>")]
fn login(auth_form: Form<LoginForm>) -> Flash<Redirect> {
    let user = db::find_user(&auth_form.username);
    if user.is_some() && verify_pw(&auth_form.password, &user.unwrap().hash) {
        Flash::success(Redirect::to("/dashboard"), "Welcome")
    } else {
        // VULNERABILITY: Silent failure. No log entry for failed login.
        // An attacker can brute-force this endpoint without triggering any alerts.
        Flash::error(Redirect::to("/login"), "Invalid credentials")
    }
}
```
The Secure Implementation
The secure implementation replaces silent failures with structured logs using the `tracing` crate. Key improvements:

1. Contextual Data: We capture the IP address and username.
2. Event Tagging: Logs include specific `event` fields for easy filtering in ELK/Splunk.
3. Instrumentation: Using `#[instrument]` ensures every log line within the function carries the Request ID and correlation metadata.
4. Monitoring: By logging `auth.failure` at a `warn` level, DevOps can set up automated alerts (e.g., 5 failures in 1 min from 1 IP) to trigger a WAF block.
```rust
use std::net::SocketAddr;

use rocket::form::Form;
use rocket::response::{Flash, Redirect};
use rocket::{post, FromForm};
use tracing::{info, instrument, warn};

// `LoginForm` is a placeholder name: the form type was lost in the original
// listing. `db::find_user` and `verify_pw` are the app's own helpers.
#[derive(FromForm)]
struct LoginForm {
    username: String,
    password: String,
}

// `SocketAddr` is Rocket's request guard for the client's remote address.
// `skip` keeps the raw form (and its password) out of the span; the span still
// records the username and IP as explicit fields.
#[post("/login", data = "<auth_form>")]
#[instrument(skip(auth_form, remote_addr), fields(user = %auth_form.username, ip = %remote_addr))]
fn login(auth_form: Form<LoginForm>, remote_addr: SocketAddr) -> Flash<Redirect> {
    let user = db::find_user(&auth_form.username);

    match user {
        Some(u) if verify_pw(&auth_form.password, &u.hash) => {
            info!(event = "auth.success", user_id = %u.id, "User logged in successfully");
            Flash::success(Redirect::to("/dashboard"), "Welcome")
        }
        _ => {
            // SECURE: Structured log with context for SIEM/Monitoring
            warn!(event = "auth.failure", "Failed login attempt detected");
            Flash::error(Redirect::to("/login"), "Invalid credentials")
        }
    }
}
```
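The alerting rule from point 4 (5 `auth.failure` events within 1 minute from one IP) is what turns these log lines into a detection. The following is an added example, not code from the page or from Ghost Labs: a std-only Rust sliding-window counter run over constructed sample log lines. It assumes a flat `key=value` line format carrying `ts` (epoch seconds) and `ip` fields, which is simpler than the real `tracing` fmt output; in production you would feed it the JSON formatter's records, or run the equivalent rule in your SIEM. The sample lines, the `AuthFailure` type and the `ips_to_block` function are all constructed for this example.

```rust
use std::collections::HashMap;

/// Threshold from the article: 5 failures within a 60-second window from one IP.
pub const MAX_FAILURES: usize = 5;
pub const WINDOW_SECS: u64 = 60;

/// A parsed `auth.failure` event: when it happened and which client sent it.
#[derive(Debug, Clone, PartialEq)]
pub struct AuthFailure {
    pub ts: u64, // epoch seconds (assumption: each line carries `ts=<secs>`)
    pub ip: String,
}

/// Looks up one `key=value` token in a single-line record. Tokens without `=`
/// (free-text message words) are ignored; quotes around values are stripped.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    line.split_whitespace()
        .filter_map(|tok| tok.split_once('='))
        .find(|(k, _)| *k == key)
        .map(|(_, v)| v.trim_matches('"'))
}

/// Returns `Some` only for `event=auth.failure` lines that carry both fields;
/// successes, validation events and garbage lines yield `None`.
pub fn parse_failure(line: &str) -> Option<AuthFailure> {
    if field(line, "event")? != "auth.failure" {
        return None;
    }
    let ts: u64 = field(line, "ts")?.parse().ok()?;
    let ip = field(line, "ip")?.to_string();
    Some(AuthFailure { ts, ip })
}

/// Sliding-window rule: lines are assumed to arrive in time order. For each IP
/// we keep the timestamps of failures seen in the last WINDOW_SECS and flag the
/// IP the first time that count reaches MAX_FAILURES. Each IP is reported once.
pub fn ips_to_block(lines: &[&str]) -> Vec<String> {
    let mut windows: HashMap<String, Vec<u64>> = HashMap::new();
    let mut flagged: Vec<String> = Vec::new();
    for ev in lines.iter().filter_map(|l| parse_failure(l)) {
        let recent = windows.entry(ev.ip.clone()).or_default();
        recent.push(ev.ts);
        // Drop failures that fell out of the window relative to this event.
        recent.retain(|&t| ev.ts.saturating_sub(t) < WINDOW_SECS);
        if recent.len() >= MAX_FAILURES && !flagged.contains(&ev.ip) {
            flagged.push(ev.ip.clone());
        }
    }
    flagged
}

/// Constructed sample log (documentation IP ranges). 203.0.113.7 fails five
/// times in 19 seconds; 198.51.100.9 fails five times spread over 400 seconds.
pub const SAMPLE_LOG: &[&str] = &[
    "ts=1000 level=WARN event=auth.failure user=alice ip=203.0.113.7 msg=\"Failed login attempt detected\"",
    "ts=1000 level=WARN event=auth.failure user=root ip=198.51.100.9 msg=\"Failed login attempt detected\"",
    "ts=1005 level=WARN event=auth.failure user=alice ip=203.0.113.7 msg=\"Failed login attempt detected\"",
    "ts=1010 level=WARN event=auth.failure user=alice ip=203.0.113.7 msg=\"Failed login attempt detected\"",
    "ts=1012 level=INFO event=auth.success user_id=42 ip=203.0.113.7 msg=\"User logged in successfully\"",
    "ts=1013 level=WARN event=input.validation user=bob ip=192.0.2.5 msg=\"Rejected form field\"",
    "ts=1015 level=WARN event=auth.failure user=alice ip=203.0.113.7 msg=\"Failed login attempt detected\"",
    "ts=1019 level=WARN event=auth.failure user=admin ip=203.0.113.7 msg=\"Failed login attempt detected\"",
    "ts=1100 level=WARN event=auth.failure user=root ip=198.51.100.9 msg=\"Failed login attempt detected\"",
    "ts=1200 level=WARN event=auth.failure user=root ip=198.51.100.9 msg=\"Failed login attempt detected\"",
    "ts=1300 level=WARN event=auth.failure user=root ip=198.51.100.9 msg=\"Failed login attempt detected\"",
    "ts=1400 level=WARN event=auth.failure user=root ip=198.51.100.9 msg=\"Failed login attempt detected\"",
];

fn main() {
    // Expected: only 203.0.113.7 crosses the threshold.
    println!("IPs to block: {:?}", ips_to_block(SAMPLE_LOG));
}
```

The window is evaluated relative to each new failure, so an IP that trickles in four failures per minute never trips the rule, while a burst does; the success line in the middle of the burst is deliberately not counted as a reset, since a single valid login does not make the preceding guesses benign.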
Verified by Ghost Labs Security Team
This content is continuously validated by our automated security engine and reviewed by our research team. Ghost Labs analyzes over 500+ vulnerability patterns across 40+ frameworks to provide up-to-date remediation strategies.