Skip to content

JS/Py: Fix cleartext logging CWEs#7233

Merged
yoff merged 2 commits intogithub:mainfrom
RasmusWL:fix-cleartext-logging-cwes
Nov 29, 2021
Merged

JS/Py: Fix cleartext logging CWEs#7233
yoff merged 2 commits intogithub:mainfrom
RasmusWL:fix-cleartext-logging-cwes

Conversation

@RasmusWL
Copy link
Member

No description provided.

Since it is not relevant for this query:

CWE-315: Cleartext Storage of Sensitive Information in a Cookie

See https://cwe.mitre.org/data/definitions/315.html
Relevant for this query:

CWE-532: Insertion of Sensitive Information into Log File

> While logging all information may be helpful during development
> stages, it is important that logging levels be set appropriately
> before a product ships so that sensitive user data and system
> information are not accidentally exposed to potential attackers.

See https://cwe.mitre.org/data/definitions/532.html

JS also did this recently: github#7103
@RasmusWL RasmusWL requested review from a team as code owners November 24, 2021 14:03
@RasmusWL RasmusWL added the no-change-note-required This PR does not need a change note label Nov 24, 2021
Copy link
Contributor

@erik-krogh erik-krogh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JS 👍

Copy link
Contributor

@yoff yoff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yoff yoff merged commit e63f914 into github:main Nov 29, 2021
@RasmusWL RasmusWL deleted the fix-cleartext-logging-cwes branch November 29, 2021 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

JS no-change-note-required This PR does not need a change note Python

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants