Leakage of sensitive data to Google Analytics (React)

Description

Sending sensitive data to Google Analytics can result in data leaks. The risk arises when sensitive or confidential information is inadvertently included in the data an application transmits to Google Analytics, where it is exposed to unauthorized access and potential data breaches.

Remediations

  • Do not include sensitive information in data payloads sent to Google Analytics. Always review the data being transmitted to ensure it does not contain personal or confidential details.
  • Do use data processing techniques to anonymize or remove sensitive data before sending it to Google Analytics. This can include techniques like hashing or tokenization to ensure that any data transmitted cannot be used to identify an individual.
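
One way to apply both remediations in a React code base is to route every analytics call through a wrapper that forwards only allowlisted fields and strips personal data from paths and free text. This is an added example, not code from Bearer or from the analytics library; `sendToAnalytics` is a hypothetical stand-in for the app's real GA call, and the field names, query parameter names and placeholder origin are assumptions.

```javascript
// Added example: scrub analytics payloads before they leave the browser.
// `sendToAnalytics` is a hypothetical stand-in for the app's real GA call.

// Only fields on this allowlist are ever forwarded (names are assumptions).
const ALLOWED_FIELDS = new Set(["category", "action", "label", "value", "page"]);
// Query parameters considered safe to keep on page paths (assumption).
const ALLOWED_QUERY_PARAMS = new Set(["tab", "sort"]);
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Replace anything that looks like an e-mail address inside free text.
function scrubText(text) {
  return text.replace(EMAIL_RE, "[redacted]");
}

// Keep only allowlisted query parameters; drop the fragment entirely.
function scrubPath(path) {
  const url = new URL(path, "https://placeholder.invalid");
  const kept = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    if (ALLOWED_QUERY_PARAMS.has(key)) kept.append(key, value);
  }
  const query = kept.toString();
  return scrubText(url.pathname) + (query ? "?" + query : "");
}

// Build the only payload that is allowed to reach the analytics library.
function sanitizeEvent(event) {
  const clean = {};
  for (const [key, value] of Object.entries(event)) {
    if (!ALLOWED_FIELDS.has(key)) continue; // drops email, userId, name, ...
    if (key === "page") clean[key] = scrubPath(String(value));
    else if (typeof value === "string") clean[key] = scrubText(value);
    else if (typeof value === "number") clean[key] = value;
    // Objects and other types are dropped: they can hide nested personal data.
  }
  return clean;
}

// Components call this wrapper instead of the analytics library directly.
function trackEvent(event, sendToAnalytics) {
  const clean = sanitizeEvent(event);
  sendToAnalytics(clean);
  return clean;
}
```

Keeping the allowlists in one module gives reviewers a single place to check what can leave the browser.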

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=javascript_react_google_analytics

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=javascript_react_google_analytics