63 lines
1.2 KiB
Plaintext
63 lines
1.2 KiB
Plaintext
:language_std_outputs: console
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../description.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
The following noncompliant code:
|
|
|
|
[source,javascript,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
function doSomething() {
|
|
// ...
|
|
console.log("My Message");
|
|
// ...
|
|
}
|
|
----
|
|
|
|
In `Node.js` could be replaced by the `winston` logging library:
|
|
|
|
[source,javascript,diff-id=1,diff-type=compliant]
|
|
----
|
|
const winston = require("winston");
|
|
|
|
const logger = winston.createLogger({
|
|
level: "debug",
|
|
format: winston.format.json(),
|
|
transports: [new winston.transports.Console()],
|
|
});
|
|
|
|
|
|
function doSomething() {
|
|
// ...
|
|
logger.info("My Message");
|
|
// ...
|
|
}
|
|
----
|
|
|
|
== Resources
|
|
|
|
* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures]
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Replace this usage of console.{log|warn|error} by a logger.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|