Leakage of sensitive data to Datadog RUM

Overview

• Rule ID: javascript_third_parties_datadog_browser

• Applicable Languages: Javascript

• Weakness ID: CWE-201

Description

Sensitive and private data on your pages may be sent to Datadog to identify elements with which a user interacted.

Remediation Guidelines

• Control the information sent to Datadog by either manually setting an action name or applying a global scrubbing rule in the Datadog Browser SDK for RUM.

References

• Datadog docs

• Scrubbing data

• OWASP logging cheat sheet

• CWE-201: Insertion of Sensitive Information Into Sent Data

• OWASP Top 10: A01:2021 - Broken Access Control

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL