Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SDK is logging sensitive data - transactionKey #460

Open
safrick opened this issue Jul 1, 2024 · 0 comments
Open

SDK is logging sensitive data - transactionKey #460

safrick opened this issue Jul 1, 2024 · 0 comments

Comments

@safrick
Copy link

safrick commented Jul 1, 2024

The transactionKey value is being logged by authorizenet/authorizenet/lib/net/authorize/util/HttpClient.php : 77.

Using: sdk-php-2.0.3 per composer, although the SDK reports 2.0.2 via vendor/authorizenet/authorizenet/lib/net/authorize/api/constants/ANetEnvironment.php.

Note. vendor/authorizenet/authorizenet/lib/net/authorize/util/AuthorizedNetSensitiveTagsConfig.json does exist and it does contain:
{
"tagName": "transactionKey",
"pattern": "",
"replacement": "",
"disableMask": false
}

Log Message (with mostly all values cleared for this issue report):
[_sendRequest] (vendor/authorizenet/authorizenet/lib/net/authorize/util/HttpClient.php : 77) - Request to AnetApi:
{"ARBUpdateSubscriptionRequest":{"merchantAuthentication":{"name":"","transactionKey":""},"clientId":"sdk-php-2.0.2","refId":"","subscriptionId":"","subscription":{"name":"Monthly Subscription"}}}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

1 participant