Do not log sensitive data such as user id, email or other personal data (first name, last name, etc.).
Non-Compliant Code Examples
console.log("email from user"+user.email);
console.log(`email from user ${user.email}`);
logger.info(`email from user ${user.email}`);
logger.info(`email from user ${user.name}: ${user.email}`);
logger.info(`email from user ${username}: ${user.email}`);
logger.warn(email);
logger.error(`email from user ${email}`);
foobar.error(`email from user ${email}`);
logger.foobar(`email from user ${email}`);
Compliant Code Examples
console.log("email from user"+user.id);
console.log(`email from user ${user.uuid}`);
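A runtime complement to this rule, as an added example that is not Datadog's code: a wrapper that masks email-shaped strings and values stored under personal-data keys before they reach the logger. The key list and the names `redact`, `safeLogger` and `demo` are assumptions; `id` and `uuid` are left readable, as in the compliant examples above.

```javascript
// Added example; the key list and helper names are assumptions, not part of the rule.
const SENSITIVE_KEYS = new Set(["email", "firstname", "lastname"]);
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const MASK = "[REDACTED]";

// Return a log-safe copy of `value`: values under sensitive keys are masked,
// and email-shaped substrings are masked wherever they appear in a string.
function redact(value, ancestors = new WeakSet()) {
  if (typeof value === "string") return value.replace(EMAIL_RE, MASK);
  if (value === null || typeof value !== "object") return value;
  if (value instanceof Date) return value.toISOString();
  if (ancestors.has(value)) return "[Circular]"; // only true cycles, not shared refs
  ancestors.add(value);
  let out;
  if (value instanceof Error) {
    out = { name: value.name, message: redact(value.message, ancestors) };
  } else if (Array.isArray(value)) {
    out = value.map((v) => redact(v, ancestors));
  } else {
    out = {};
    for (const [key, v] of Object.entries(value)) {
      // Treat first_name, first-name and firstName as the same key.
      const normalized = key.toLowerCase().replace(/[_-]/g, "");
      out[key] = SENSITIVE_KEYS.has(normalized) ? MASK : redact(v, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Wrap a logger so every argument of every level method is redacted first.
function safeLogger(base, levels = ["debug", "info", "warn", "error"]) {
  const wrapped = {};
  for (const level of levels) {
    wrapped[level] = (...args) => base[level](...args.map((a) => redact(a)));
  }
  return wrapped;
}

// Constructed sample user and an in-memory sink standing in for a real logger.
function demo() {
  const lines = [];
  const sink = { info: (...args) => lines.push(JSON.stringify(args)) };
  const logger = safeLogger(sink, ["info"]);
  const user = { id: 42, email: "jane@example.com", first_name: "Jane" };
  logger.info(`email from user ${user.id}: ${user.email}`);
  logger.info("signup", { user });
  return lines;
}
console.log(demo().join("\n"));
```

The wrapper does not replace the static rule: it limits what reaches the log sink when a sensitive value slips into a log call anyway.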
How to use this rule
rulesets:
  - javascript-node-security # Rules to enforce JavaScript node security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines