Leakage of sensitive data to Algolia | Sec1

Products Book A Demo Contact Us

Overview

Rule ID: javascript_third_parties_algolia
Applicable Languages: Javascript
Weakness ID: CWE-201

Description

Leaking sensitive data to third-party loggers like Algolia is a common cause of data leaks and can lead to data breaches.

Remediation Guidelines

Do ensure all sensitive data is removed when logging errors or events to Algolia

Do use unique identifiers from the database if you really need to identify users.

const algoliaSearch = require('algoliasearch')
const myAlgolia = algoliaSearch("123", "123")
const index = myAlgolia.initIndex(user.uuid)

References

Configuration