Leakage of sensitive data to Google Analytics (React)

Overview

• Rule ID: javascript_react_google_analytics

• Applicable Languages: Javascript

• Weakness ID: CWE-201

Description

Sending sensitive data to Google Analytics can lead to data leaks. This vulnerability occurs when confidential or sensitive information is unintentionally sent to Google Analytics, creating a risk of unauthorized access and potential data breaches.

Remediation Guidelines

• Avoid including sensitive information in data payloads sent to Google Analytics. Always review the transmitted data to ensure it does not contain personal or confidential details.

• Use data processing techniques to anonymize or remove sensitive information before sending it to Google Analytics. Methods such as hashing or tokenization can help ensure that transmitted data cannot be used to identify individuals.

References

• CWE-201: Insertion of Sensitive Information Into Sent Data

• OWASP Top 10: A01:2021 - Broken Access Control

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL