Sensitive data sent to Google Tag Manager detected.
- Rule ID: javascript_third_parties_google_tag_manager
- Languages: javascript
- Source: google_tag_manager.yml
Description
Leaking sensitive data to third parties is a common cause of data leaks and can lead to data breaches. This rule looks for instances of leaking sensitive data to third parties using google tag manager.
❌ Avoid sending sensitive data to third parties:
datalayer.push({
user: {
email: user.email
}
})
✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:
datalayer.push({
user: {
uuid: user.uuid
}
})
Resources
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=javascript_third_parties_google_tag_manager
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=javascript_third_parties_google_tag_manager
Ready to take the next step? Learn more about Bearer Cloud.