Avoid logging sensitive data


Metadata

ID: javascript-node-security/log-sensitive-data

Language: JavaScript

Severity: Warning

Category: Security

CWE: 532

Description

Do not log sensitive data such as user ID, email, or other personal data (first name, last name, etc.).

Non-Compliant Code Examples

console.log("email from user" + user.email);
console.log(`email from user ${user.email}`);
logger.info(`email from user ${user.email}`);
logger.info(`email from user ${user.name}: ${user.email}`);
logger.info(`email from user ${username}: ${user.email}`);
logger.warn(email);
logger.error(`email from user ${email}`);

foobar.error(`email from user ${email}`);

logger.foobar(`email from user ${email}`);

Compliant Code Examples

console.log("email from user" + user.id);
console.log(`email from user ${user.uuid}`);
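
Where a whole object or a free-form message has to be logged, masking can be applied before the logger is called. The following is an added example, not part of the rule or of any Datadog code: the names redact, makeSafeLogger and SENSITIVE_KEYS, the key list and the sample user are assumptions. It leaves id and uuid untouched, as the compliant examples above do.

```javascript
// Added example: mask personal data before it reaches a log sink.
// SENSITIVE_KEYS and all helper names are assumptions, not part of the rule.
const SENSITIVE_KEYS = new Set(["email", "name", "firstname", "lastname", "username"]);
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const MASK = "[REDACTED]";

// Return a copy of `value` with sensitive fields and embedded emails masked.
// The input is never mutated; `ancestors` tracks the current path to catch cycles.
function redact(value, ancestors = new Set()) {
  if (typeof value === "string") return value.replace(EMAIL_RE, MASK);
  if (value === null || typeof value !== "object") return value;
  // Dates and Errors have no enumerable fields: stringify, then scrub the text.
  if (value instanceof Date || value instanceof Error) return redact(String(value));
  if (ancestors.has(value)) return "[Circular]";
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((v) => redact(v, ancestors));
  } else {
    out = {};
    for (const [key, v] of Object.entries(value)) {
      // Normalise first_name / first-name / firstName to one spelling.
      const k = key.toLowerCase().replace(/[_-]/g, "");
      out[key] = SENSITIVE_KEYS.has(k) ? MASK : redact(v, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Wrap a console-like sink so every argument is redacted before it is written.
function makeSafeLogger(sink = console) {
  const wrap = (level) => (...args) => sink[level](...args.map((a) => redact(a)));
  return { info: wrap("info"), warn: wrap("warn"), error: wrap("error") };
}

// Constructed sample input.
const user = { id: 42, uuid: "constructed-uuid-0001", first_name: "Ada", email: "ada@example.test" };
const safeLogger = makeSafeLogger();
safeLogger.info("login", user);                 // email and first_name are masked
safeLogger.warn("bounce for ada@example.test"); // address inside the string is masked
```

Key-based masking only covers the field names it is told about, so the rule above still applies to any value passed to the logger under a different name.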