Leakage of information in logger message

Overview

Rule ID: javascript_lang_logger_leak
Applicable Languages: Javascript
Weakness ID: CWE-532

Description

Information leakage through logger messages can expose sensitive data. This vulnerability occurs when dynamic data or variables, potentially containing sensitive information, are included in log messages.

Remediation Guidelines

Avoid including sensitive data directly in logger messages, as this can result in the exposure of such data in log files that may be accessible to unauthorized individuals. For example, using
```
logger.info(`Results: ${data}`) // unsafe
```
Instead, use logging levels appropriately to manage the verbosity of log output and reduce the risk of disclosing sensitive information in production environments.

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of hard-coded secret in JWT NextLeakage of sensitive data in dynamic file generation

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration