Leakage of sensitive data in dynamic file generation

Description

Sensitive data leakage in dynamic file generation occurs when sensitive information is written to static files such as logs, backups, or data exports. This vulnerability exposes sensitive data to unauthorized access.

Remediations

  • Do not write sensitive data directly to logs, backups, or data exports. This practice can lead to unauthorized access to sensitive information.
    const fs = require("fs")

    // Insecure: serializes complete user records, sensitive fields included
    fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => {
      if (err) console.log(err)
    })
  • Do obfuscate or filter sensitive data before writing it to static files. This reduces the risk of sensitive data exposure.
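
One way to apply the filtering remediation, as an added example that is not part of the original rule documentation: an allowlist decides which fields reach the export, and the email is masked before it is written. The field names, the masking format, the output path and the sample record are assumptions made for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Assumption: these are the only fields the export needs (allowlist).
const EXPORT_FIELDS = ["id", "name", "email", "plan"];

// Keep the first character and the domain: "alice@example.com" -> "a***@example.com".
function maskEmail(email) {
  const s = String(email);
  const at = s.lastIndexOf("@");
  return at < 1 ? "***" : s[0] + "***" + s.slice(at);
}

// Copy only allowlisted fields; anything else (passwordHash, ssn, ...) is dropped.
function redactUser(user) {
  const out = {};
  for (const f of EXPORT_FIELDS) {
    const v = user[f] ?? "";
    out[f] = f === "email" ? maskEmail(v) : v;
  }
  return out;
}

// Quote every cell and double embedded quotes so values cannot break the row.
function csvCell(value) {
  return '"' + String(value).replace(/"/g, '""') + '"';
}

function toCsv(users) {
  const rows = users.map(redactUser)
    .map((u) => EXPORT_FIELDS.map((f) => csvCell(u[f])).join(","));
  return [EXPORT_FIELDS.join(","), ...rows].join("\n") + "\n";
}

// Write the filtered export; mode 0o600 limits a newly created file to its owner.
function exportUsers(file, users) {
  fs.writeFileSync(file, toCsv(users), { encoding: "utf-8", mode: 0o600 });
  return file;
}

// Constructed sample record, not real data.
const sampleUsers = [
  { id: 1, name: 'Alice "Al" Ng', email: "alice@example.com", plan: "pro", passwordHash: "constructed-hash", ssn: "000-00-0000" },
];
const outFile = exportUsers(path.join(os.tmpdir(), "users-export.csv"), sampleUsers);
console.log(fs.readFileSync(outFile, "utf-8"));
```

Because the filter is an allowlist, a sensitive field added to the user model later stays out of the export until someone adds it to EXPORT_FIELDS.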

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=javascript_lang_file_generation

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=javascript_lang_file_generation