OeditusCredo.Check.Security.SensitiveDataExposure
(OeditusCredo v0.6.2)
Basics
This check is disabled by default.
Learn how to enable it via .credo.exs.
This check has a base priority of high and works with any version of Elixir.
Explanation
Detects potential sensitive data exposure in logs or console output (CWE-200).
Logging sensitive fields (passwords, tokens, secrets, credentials) can leak confidential data into log storage and observability systems.
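One defensive pattern that satisfies the intent of this check is to scrub sensitive keys from a map before it reaches Logger, rather than interpolating the raw map. The module below is an added example and is not part of OeditusCredo or of its documentation; the module name, the `@sensitive_terms` list and the sample params map are constructed for illustration and are not the check's own detection list.

```elixir
defmodule MyApp.LogRedactor do
  @moduledoc """
  Scrubs sensitive fields out of maps, structs and keyword lists before
  they are logged. Added example; the term list below is constructed and
  is not the list the SensitiveDataExposure check uses internally.
  """
  require Logger

  @filtered "[FILTERED]"
  @sensitive_terms ~w(password token secret credential)

  # Structs become plain maps first (this drops __struct__),
  # so their field names can be inspected like any other key.
  def redact(%_{} = struct), do: struct |> Map.from_struct() |> redact()

  # Maps: replace the value of any sensitive key, recurse into the rest.
  def redact(%{} = map) do
    Map.new(map, fn {key, value} ->
      if sensitive_key?(key), do: {key, @filtered}, else: {key, redact(value)}
    end)
  end

  # Keyword-list entries are {atom, value} tuples.
  def redact({key, value}) when is_atom(key) do
    if sensitive_key?(key), do: {key, @filtered}, else: {key, redact(value)}
  end

  # Lists may carry nested maps or keyword entries.
  def redact(list) when is_list(list), do: Enum.map(list, &redact/1)

  # Scalars pass through unchanged.
  def redact(other), do: other

  # A key is sensitive when its lower-cased name contains one of the terms,
  # so "api_token", "PasswordHash" and :client_secret all match.
  defp sensitive_key?(key) when is_atom(key) or is_binary(key) do
    name = key |> to_string() |> String.downcase()
    Enum.any?(@sensitive_terms, &String.contains?(name, &1))
  end

  defp sensitive_key?(_key), do: false

  # Log structured metadata instead of interpolating the raw map.
  def log_request(params) do
    Logger.info("request received", params: redact(params))
  end
end

# Constructed sample input in the shape of a Phoenix params map:
MyApp.LogRedactor.redact(%{
  "email" => "alice@example.com",
  "password" => "hunter2",
  "oauth" => %{"access_token" => "constructed-token", "expires_in" => 3600}
})
```

Matching on key-name substrings mirrors the way this check's `:extra_sensitive_terms` parameter is described (substrings of field names), so the same terms a team adds to the check can be mirrored in a redactor like this one.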
Bad:
Logger.info("params: #{inspect(params)}")
IO.inspect(user.password_hash)
Good:
Logger.info("user login", user_id: user.id)
Check-Specific Parameters
Use the following parameters to configure this check:
:exclude_test_files
Set to true to skip test files (default: false)
This parameter defaults to nil.
:extra_sensitive_terms
Additional sensitive field name substrings to detect (default: [])
This parameter defaults to nil.
General Parameters
Like with all checks, general params can be applied.
Parameters can be configured via the .credo.exs config file.
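Because the check is disabled by default, it has to be listed explicitly in .credo.exs. The fragment below is an added example, not a file shipped with OeditusCredo: it enables the check and sets both check-specific parameters documented above. The extra terms ("ssn", "card_number") are constructed sample values, and the fragment assumes the OeditusCredo checks are already made available to Credo by whatever plugin or require mechanism the project uses, which is not shown here.

```elixir
# .credo.exs (added example, not the project's own configuration)
%{
  configs: [
    %{
      name: "default",
      checks: [
        # Enable the check, which is off by default, skip test files,
        # and extend the field-name substrings treated as sensitive.
        {OeditusCredo.Check.Security.SensitiveDataExposure,
         [
           exclude_test_files: true,
           extra_sensitive_terms: ["ssn", "card_number"]
         ]}
      ]
    }
  ]
}
```

Each entry in `checks:` is a `{CheckModule, options}` tuple; the options keyword list is where the check-specific parameters above and any general Credo parameters go.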