[BUG] Information Disclosure via Log File Paths

## Description

I had Claude conduct a security review on bash-logger external from GitHub. It suggested the follow:

## Classification

- **Low**

## Details

**Component:** Error messages in `init_logger()`  
**CWE:** CWE-209 (Generation of Error Message Containing Sensitive Information)

**Description:**

Error messages reveal full file system paths, which could aid attackers in reconnaissance:

```bash
echo "Error: Cannot create log directory '$LOG_DIR'" >&2
echo "Error: Cannot write to log file '$LOG_FILE'" >&2
```

**Impact:**
- Reveals directory structure
- Leaks username information if using $HOME
- Provides reconnaissance data for privilege escalation

**Recommendation:**

Option 1 - Sanitize paths in error messages (may reduce debuggability):
```bash
echo "Error: Cannot create log directory" >&2
echo "Error: Cannot write to log file" >&2
```

Option 2 - Add security logging mode that suppresses paths:
```bash
if [[ "$SECURITY_MODE" == "true" ]]; then
    echo "Error: Cannot create log directory" >&2
else
    echo "Error: Cannot create log directory '$LOG_DIR'" >&2
fi
```

**Priority:** Low - paths are typically not sensitive in most threat models, but defense-in-depth suggests minimizing information disclosure.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Information Disclosure via Log File Paths #37

Description

Classification

Details

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[BUG] Information Disclosure via Log File Paths #37

Description

Description

Classification

Details

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions