Leakage of sensitive data to HoneyBadger

Overview

Rule ID: javascript_third_parties_honeybadger
Applicable Languages: Javascript
Weakness ID: CWE-201

Description

Leaking sensitive data to third-party loggers like HoneyBadger is a common cause of data leaks and can lead to data breaches.

Remediation Guidelines

Do ensure all sensitive data is removed when logging errors or events to HoneyBadger

Do use unique identifiers from the database if you really need to identify users.

const Honeybadger = require("@honeybadger-io/js");

let context = { user: { uuid: "aacd05fd-8f5b-4bc6-aa8b-35e5fbf37325" } };

Honeybadger.setContext(context);

References

Honeybadger Docs
OWASP logging cheat sheet
CWE-201: Insertion of Sensitive Information Into Sent Data
OWASP Top 10: A01:2021 - Broken Access Control

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of sensitive data to Google Tag Manager NextLeakage of sensitive data to New Relic

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration