include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
With the https://www.npmjs.com/package/signale[Signale log management framework], the code is sensitive when an empty list of secrets is defined:
----
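const { Signale } = require('signale');

// Placeholder for the application's own input handling; CREDIT_CARD_NUMBERS is
// assumed to look like ["1234-5678-0000-9999", "1234-5678-0000-8888"], for instance.
const CREDIT_CARD_NUMBERS = fetchFromWebForm();

const options = {
  // Empty list of secrets: nothing is hidden, so the values logged below are
  // written to the log output as-is.
  secrets: [],
};

const logger = new Signale(options); // Sensitive

CREDIT_CARD_NUMBERS.forEach((CREDIT_CARD_NUMBER) => {
  logger.log('The customer ordered products with the credit card number = %s', CREDIT_CARD_NUMBER);
});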
----
== Compliant Solution
With the https://www.npmjs.com/package/signale[Signale log management framework], it is possible to define a list of secrets that will be hidden in the logs:
----
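const { Signale } = require('signale');

// Placeholder for the application's own input handling; CREDIT_CARD_NUMBERS is
// assumed to look like ["1234-5678-0000-9999", "1234-5678-0000-8888"], for instance.
const CREDIT_CARD_NUMBERS = fetchFromWebForm();

const options = {
  // Values matching this pattern (groups of four digits, optionally separated
  // by hyphens, i.e. the card-number format assumed above) are hidden in the
  // log output. The pattern has to match the actual format of the data being
  // logged, otherwise nothing is masked.
  secrets: ["([0-9]{4}-?)+"],
};

const logger = new Signale(options); // Compliant

CREDIT_CARD_NUMBERS.forEach((CREDIT_CARD_NUMBER) => {
  logger.log('The customer ordered products with the credit card number = %s', CREDIT_CARD_NUMBER);
});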
----
include::../see.adoc[]