---
name: cwe-359-privacy-violation
description: Use this skill when you need to remediate CWE-359 (Privacy Violation) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing privacy violation issues.
version: 1.0.0
license: MIT
tags:
  - security
  - java
  - cwe-359
  - remediation
  - sast
---
# CWE-359 Privacy Violation

## Description

Privacy Violation (CWE-359): personal information such as email addresses, SSNs and postal addresses is exposed to an actor or channel that is not authorized to receive it, for example application logs or an API response that returns more fields than the caller needs.

Reference: https://cwe.mitre.org/data/definitions/359.html

OWASP Category: A02:2021 – Cryptographic Failures
## Vulnerable Pattern

### ❌ Example 1: Vulnerable Pattern

```java
// VULNERABLE: PII exposed in logs
log.info("User login: " + user.getEmail() + ", SSN: " + user.getSsn());

// VULNERABLE: PII in API response
return new UserResponse(user.getName(), user.getSsn(), user.getAddress());
```

Why it's vulnerable: the log line writes the user's email and full SSN into application logs, which are typically retained for long periods, shipped to central log stores and readable by people and systems that have no need for that data. The response object hands the full SSN and address to every caller of the endpoint instead of only the fields the caller needs.
## Deterministic Fix

### ✅ Secure Implementation

```java
// SECURE: Mask PII in logs (parameterised log call with a masked value)
log.info("User login: {}", maskEmail(user.getEmail()));
// SECURE: Only expose necessary data, mask sensitive fields
public UserResponse toResponse(User user) {
    return UserResponse.builder()
        .name(user.getName())
        .email(maskEmail(user.getEmail()))
        .ssnLast4(ssnLast4(user.getSsn()))
        .build();
}
// Keep only the last four digits; never throws on null or short values
private String ssnLast4(String ssn) {
    if (ssn == null || ssn.length() < 4) return "****";
    return ssn.substring(ssn.length() - 4);
}
// Keep the first character and the domain; hide the rest of the local part
private String maskEmail(String email) {
    if (email == null || email.isEmpty()) return "<none>";
    int at = email.indexOf('@');
    if (at <= 0) return "***"; // no '@' or empty local part: hide everything
    return email.charAt(0) + "***" + email.substring(at);
}
```

Why it's secure: the log receives only a masked email, so the log store no longer holds usable PII; the response exposes the name, a masked email and the last four SSN digits only, and the address is not returned at all, which is data minimization in practice. The helpers guard against null and malformed values so that masking itself cannot throw and fall back to an unmasked code path.
## Detection Pattern

Look for these patterns in your codebase (case-insensitive, so `getSsn()` and `getEmail()` are matched as well):

```bash
# Find PII in logs
grep -rniE "log.*(ssn|email|password)" --include="*.java" .
```
## Remediation Steps

1. Identify all PII fields (SSN, email, address, etc.)
2. Mask PII in logs
3. Return minimal data in API responses
4. Implement data minimization principles
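To carry the remediation steps above through working code, here is an added example that is not part of the original skill file; it assumes hypothetical `PiiMasker` and `User` classes, and `User.toString()` redacts so that even a careless `"..." + user` in a log call cannot leak the raw values. Save it as `PiiMaskingDemo.java`.

```java
// Added example (hypothetical classes, not from the original skill file).
final class PiiMasker {
    private PiiMasker() {}
    /** "alice@example.com" -> "a***@example.com"; safe on null and malformed input. */
    static String maskEmail(String email) {
        if (email == null || email.isEmpty()) return "<none>";
        int at = email.indexOf('@');
        if (at <= 0) return "***";          // no '@' or empty local part: hide all
        return email.charAt(0) + "***" + email.substring(at);
    }
    /** "123-45-6789" -> "***-**-6789"; never throws on short or null values. */
    static String maskSsn(String ssn) {
        if (ssn == null) return "<none>";
        String digits = ssn.replaceAll("[^0-9]", "");
        if (digits.length() < 4) return "***";
        return "***-**-" + digits.substring(digits.length() - 4);
    }
}

final class User {
    private final String name, email, ssn;
    User(String name, String email, String ssn) {
        this.name = name; this.email = email; this.ssn = ssn;
    }
    String getName() { return name; }
    // Raw email/SSN have no getters here; only masked forms leave the object.
    String getEmailMasked() { return PiiMasker.maskEmail(email); }
    String getSsnLast4() { return PiiMasker.maskSsn(ssn); }
    /** Redacting toString(): accidental string concatenation into a log stays clean. */
    @Override public String toString() {
        return "User{name=" + name + ", email=" + getEmailMasked()
             + ", ssn=" + getSsnLast4() + "}";
    }
}

public class PiiMaskingDemo {
    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }
    public static void main(String[] args) {
        User u = new User("Alice", "alice@example.com", "123-45-6789"); // constructed sample
        check(PiiMasker.maskEmail("alice@example.com").equals("a***@example.com"), "email mask");
        check(PiiMasker.maskSsn("123-45-6789").equals("***-**-6789"), "ssn mask");
        check(PiiMasker.maskEmail("not-an-email").equals("***"), "malformed email");
        check(PiiMasker.maskSsn("12").equals("***"), "short ssn");
        System.out.println("User login: " + u); // masked fields only
    }
}
```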
## Key Imports

No additional libraries are required: the secure implementation uses only the existing logging facade (the `{}` placeholder form, as in SLF4J or Log4j 2) and standard `String` methods.
## Verification

After remediation:

- Run SAST scanner to confirm vulnerability is resolved
- Review all instances of the vulnerable pattern
- Add unit tests that verify the secure implementation
- Check for similar patterns in related code
## Trigger Examples

- Fix CWE-359 vulnerability
- Resolve Privacy Violation issue
- Secure this Java code against privacy violation
- SAST reports CWE-359
## Common Vulnerable Locations

| Layer | Files | Patterns |
|---|---|---|
| Controller | *Controller.java | User input handling |
| Service | *Service.java | Business logic |
| Repository | *Repository.java | Data access |
## References

Source: Generated by Java CWE Security Skills Generator. Last Updated: 2026-03-07