60 lines
1.7 KiB
Plaintext
60 lines
1.7 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
With https://www.npmjs.com/package/signale[Signale log management framework] the code is sensitive when an empty list of secrets is defined:
|
|
|
|
----
|
|
const { Signale } = require('signale');
|
|
|
|
const CREDIT_CARD_NUMBERS = fetchFromWebForm()
|
|
// here we suppose the credit card numbers are retrieved somewhere and CREDIT_CARD_NUMBERS looks like ["1234-5678-0000-9999", "1234-5678-0000-8888"]; for instance
|
|
|
|
const options = {
|
|
secrets: [] // empty list of secrets
|
|
};
|
|
|
|
const logger = new Signale(options); // Sensitive
|
|
|
|
CREDIT_CARD_NUMBERS.forEach(function(CREDIT_CARD_NUMBER) {
|
|
logger.log('The customer ordered products with the credit card number = %s', CREDIT_CARD_NUMBER);
|
|
});
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
With https://www.npmjs.com/package/signale[Signale log management framework] it is possible to define a list of secrets that will be hidden in logs:
|
|
|
|
[source,javascript]
|
|
----
|
|
const { Signale } = require('signale');
|
|
|
|
const CREDIT_CARD_NUMBERS = fetchFromWebForm()
|
|
// here we suppose the credit card numbers are retrieved somewhere and CREDIT_CARD_NUMBERS looks like ["1234-5678-0000-9999", "1234-5678-0000-8888"]; for instance
|
|
|
|
const options = {
|
|
secrets: ["([0-9]{4}-?)+"]
|
|
};
|
|
|
|
const logger = new Signale(options); // Compliant
|
|
|
|
CREDIT_CARD_NUMBERS.forEach(function(CREDIT_CARD_NUMBER) {
|
|
logger.log('The customer ordered products with the credit card number = %s', CREDIT_CARD_NUMBER);
|
|
});
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|