:language_std_outputs: console

== Why is this an issue?

include::../description.adoc[]

=== Code examples

The following noncompliant code:

[source,javascript,diff-id=1,diff-type=noncompliant]
----
function doSomething() {
  // ...
  console.log("My Message");
  // ...
}
----

In `Node.js` could be replaced by the `winston` logging library:

[source,javascript,diff-id=1,diff-type=compliant]
----
const winston = require("winston");

const logger = winston.createLogger({
  level: "debug",
  format: winston.format.json(),
  transports: [new winston.transports.Console()],
});


function doSomething() {
  // ...
  logger.info("My Message");
  // ...
}
----

== Resources

* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures]
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Replace this usage of console.{log|warn|error} by a logger.


'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]