Leakage of sensitive data to Datadog

Overview

Rule ID: javascript_third_parties_datadog
Applicable Languages: Javascript
Weakness ID: CWE-201

Description

Leaking sensitive data to third-party loggers like Datadog is a common cause of data leaks and can lead to data breaches.

Remediation Guidelines

Do ensure all sensitive data is removed when logging data or events to Datadog

Do use unique identifiers from the database if you really need to identify users.

const StatsD = require("hot-shots");
const client = new StatsD({
  port: 8020,
  globalTags: { env: process.env.NODE_ENV },
  errorHandler: errorHandler,
});

client.event(user.uuid, "logged_in", {});

References

Datadog docs
Scrubbing data
OWASP logging cheat sheet
CWE-201: Insertion of Sensitive Information Into Sent Data
OWASP Top 10: A01:2021 - Broken Access Control

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of sensitive data to Datadog RUM NextLeakage of sensitive data to ElasticSearch

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration