Sensitive Data: Sensitive Data Leak in JavaScript Bundle

Identifier: js_data_leak

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Sensitive data leaks in JavaScript bundles can expose internal URLs, email addresses, debug information, and other data that aids attackers.

How we test: We statically analyze first-party JavaScript bundles to detect leaked PII (emails, phone numbers), internal/debug URLs, localStorage/sessionStorage writes of sensitive data, and console.log statements exposing sensitive variables.
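
The checks listed under "How we test", shown as an added example that is not the scanner's own code: a minimal regex pass in JavaScript over a bundle's source text. The rule patterns, the sensitive-name list, the `scanBundle` name and the sample bundle are assumptions made for illustration.

```javascript
// Added example: regex checks over a bundle's text. The patterns and the
// sensitive-name list are illustrative assumptions, not the scanner's rules.
const SENSITIVE = /token|secret|passw(?:or)?d|api_?key|ssn|email/i;

const RULES = [
  { kind: 'pii_email', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { kind: 'pii_phone', re: /\+\d{1,3}[ -]?\(?\d{2,4}\)?[ -]?\d{3}[ -]?\d{3,4}/g },
  // Loopback, two private ranges (10/8, 192.168/16) and internal-looking suffixes.
  { kind: 'internal_url',
    re: /https?:\/\/(?:localhost|127\.0\.0\.1|10(?:\.\d+){3}|192\.168(?:\.\d+){2}|[\w.-]+\.(?:internal|local|corp))(?![\w.-])(?::\d+)?[^\s"'`)]*/g },
  // Group 1 captures the storage key or the console argument list.
  { kind: 'storage_write', sensitiveOnly: true,
    re: /(?:localStorage|sessionStorage)\.setItem\(\s*["'`]([^"'`]+)["'`]/g },
  { kind: 'console_log', sensitiveOnly: true,
    re: /console\.(?:log|debug|info)\(([^)]*)\)/g },
];

function scanBundle(source, limit = 20) {
  const findings = [];
  for (const { kind, re, sensitiveOnly } of RULES) {
    for (const m of source.matchAll(re)) {
      // Storage and console hits count only when they name sensitive data.
      if (sensitiveOnly && !SENSITIVE.test(m[1])) continue;
      const line = source.slice(0, m.index).split('\n').length;
      findings.push({ kind, line, match: m[0] });
    }
  }
  findings.sort((a, b) => a.line - b.line);
  // limit 0 reports everything, modelled on issues_count_limit.
  return limit === 0 ? findings : findings.slice(0, limit);
}

// Constructed sample bundle; every value is fictitious.
const SAMPLE_BUNDLE = [
  'const api="https://api.example.com/v1";',
  'const dbg="http://admin.corp.internal:8080/debug";',
  'const support="jane.doe@example.com",tel="+1 415-555-0100";',
  'localStorage.setItem("auth_token",t);',
  'localStorage.setItem("theme","dark");',
  'console.log("user password:",password);',
  'console.log("render done");',
].join('\n');

for (const f of scanBundle(SAMPLE_BUNDLE)) console.log(`${f.kind} L${f.line}: ${f.match}`);
```

The public API URL, the `theme` storage key and the `render done` log line are deliberately left unreported, which is the behaviour to check for when tuning such rules against false positives.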

Configuration

Example

Example configuration:

---
security_tests:
  js_data_leak:
    issues_count_limit: 20
    skip: false

Reference

issues_count_limit

Type: integer

The maximum number of issues to report. Use 0 to report all issues.

skip

Type: boolean

Skip the test if true.