Add benchmark ci + optimize the validate records fk flow #925
huydo862003 wants to merge 20 commits into
reviewdog [rdjson] report
reported by reviewdog 🐶
Findings (12)
.github/workflows/scripts/collect-coverage.mts|61 col 26| Unsanitized dynamic input in file path (javascript_lang_path_traversal)
.github/workflows/scripts/collect-coverage.mts|63 col 9| Unsanitized dynamic input in file path (javascript_lang_path_traversal)
.github/workflows/scripts/collect-benchmarks.mts|44 col 3| Leakage of information in logger message (javascript_lang_logger_leak)
.github/workflows/scripts/collect-benchmarks.mts|45 col 3| Leakage of information in logger message (javascript_lang_logger_leak)
.github/workflows/scripts/collect-benchmarks.mts|87 col 5| Leakage of information in logger message (javascript_lang_logger_leak)
.github/workflows/scripts/collect-coverage.mts|23 col 5| Leakage of information in logger message (javascript_lang_logger_leak)
.github/workflows/scripts/collect-coverage.mts|243 col 5| Leakage of information in logger message (javascript_lang_logger_leak)
.github/workflows/scripts/collect-coverage.mts|256 col 3| Leakage of information in logger message (javascript_lang_logger_leak)
.github/workflows/scripts/collect-coverage.mts|258 col 3| Leakage of information in logger message (javascript_lang_logger_leak)
packages/dbml-parse/__benchmarks__/compiler.benchmark.ts|23 col 3| Leakage of information in logger message (javascript_lang_logger_leak)
packages/dbml-parse/__benchmarks__/compiler.benchmark.ts|35 col 3| Leakage of information in logger message (javascript_lang_logger_leak)
packages/dbml-parse/__benchmarks__/compiler.benchmark.ts|39 col 1| Leakage of information in logger message (javascript_lang_logger_leak)
The full description and remediation text for each rule (identical for every instance of that rule) is reproduced under Annotations below.
Filtered Findings (0)
Annotations
Check failure on line 61 in .github/workflows/scripts/collect-coverage.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-coverage.mts#L61 <javascript_lang_path_traversal>(https://docs.bearer.com/reference/rules/javascript_lang_path_traversal)
# Unsanitized dynamic input in file path
## Description
Using unsanitized dynamic input to determine file paths can allow attackers to gain access to files and folders outside of the intended scope. This vulnerability occurs when input provided by users is directly used to access the filesystem without proper validation or sanitization.
## Remediations
- **Do not** directly use user input to construct file paths. This can lead to unauthorized file access.
- **Do** sanitize user input used in file paths. Replace patterns that can navigate out of intended directories, such as `..\..`, to prevent path traversal attacks.
```javascript
var folder = target.replace(/^(\.\.(\/|\\|$))+/, '');
```
- **Do** check for and remove any instances of the NULL byte ("%00") in user input to guard against poison NULL byte attacks.
```javascript
if (target.indexOf('\0') !== -1) {
// Handle or reject the input
}
```
- **Do** use path concatenation methods provided by your programming environment to securely combine user input with your base directory path. This ensures the final path starts within the intended scope.
```javascript
const path = require("path");
var pathname = path.join("/public/", folder);
if (pathname.indexOf("/public/") !== 0) {
// Handle or reject the input
}
```
## References
- [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
Raw output
message:"\n# Unsanitized dynamic input in file path\n## Description\n\nUsing unsanitized dynamic input to determine file paths can allow attackers to gain access to files and folders outside of the intended scope. This vulnerability occurs when input provided by users is directly used to access the filesystem without proper validation or sanitization.\n\n## Remediations\n\n- **Do not** directly use user input to construct file paths. This can lead to unauthorized file access.\n- **Do** sanitize user input used in file paths. Replace patterns that can navigate out of intended directories, such as `..\\..`, to prevent path traversal attacks.\n ```javascript\n var folder = target.replace(/^(\\.\\.(\\/|\\\\|$))+/, '');\n ```\n- **Do** check for and remove any instances of the NULL byte (\"%00\") in user input to guard against poison NULL byte attacks.\n ```javascript\n if (target.indexOf('\\0') !== -1) {\n // Handle or reject the input\n }\n ```\n- **Do** use path concatenation methods provided by your programming environment to securely combine user input with your base directory path. This ensures the final path starts within the intended scope.\n ```javascript\n const path = require(\"path\");\n var pathname = path.join(\"/public/\", folder);\n if (pathname.indexOf(\"/public/\") !== 0) {\n // Handle or reject the input\n }\n ```\n\n## References\n\n- [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)" location:{path:".github/workflows/scripts/collect-coverage.mts" range:{start:{line:61 column:26} end:{line:61 column:60}}} severity:ERROR source:{name:"Bearer" url:"https://docs.bearer.com/"} code:{value:"javascript_lang_path_traversal" url:"https://docs.bearer.com/reference/rules/javascript_lang_path_traversal"}
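The rule text above offers a leading-`..` strip, a NUL-byte check and a prefix check. As an added example (not Bearer's rule code and not this PR's CI scripts), the TypeScript below shows why the regex alone is not a containment check, why a prefix check without a trailing separator admits sibling directories, and how to contain the path with `path.relative` instead. The base directory `/srv/reports` and every input are hypothetical.

```typescript
import * as path from "node:path";

// Hypothetical base directory for this example; the PR's scripts use their own paths.
export const BASE_DIR = "/srv/reports";

// The sanitizer from the rule text: removes only a LEADING run of "../" (or "..\" / "..").
// An input such as "a/../../../etc/passwd" passes through untouched.
export function stripLeadingDotDot(target: string): string {
  return target.replace(/^(\.\.(\/|\\|$))+/, "");
}

// Prefix check WITHOUT a trailing separator on the base (a common slip when the base
// comes from a variable). It rejects "/etc/passwd" but accepts the sibling directory
// "/srv/reportsX", because "/srv/reportsX/secret".startsWith("/srv/reports") is true.
export function prefixCheckJoin(baseDir: string, untrusted: string): string | null {
  const joined = path.join(baseDir, stripLeadingDotDot(untrusted));
  return joined.startsWith(baseDir) ? joined : null;
}

// Containment check: resolve the candidate and confirm it lies at or below the base.
// Returns the absolute path, or null for NUL bytes, absolute inputs, ".." escapes and
// siblings. Symlinks inside the base are not followed; run fs.realpath on both sides
// before this check if the base may contain links.
export function resolveInside(baseDir: string, untrusted: string): string | null {
  if (untrusted.includes("\0")) return null;          // poison NUL byte
  const base = path.resolve(baseDir);
  const candidate = path.resolve(base, untrusted);    // an absolute `untrusted` replaces base
  const rel = path.relative(base, candidate);
  if (rel === "") return candidate;                   // the base directory itself
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) return null;
  return candidate;                                   // "..data.json" is a plain filename, allowed
}
```

The rule's own snippet avoids the sibling problem only because its prefix is written with a trailing slash (`"/public/"`); `path.relative` does not depend on remembering that. Note that `path.join` and `path.resolve` normalise `..` segments but impose no boundary; the boundary is the relative-path test.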
Check failure on line 63 in .github/workflows/scripts/collect-coverage.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-coverage.mts#L63 <javascript_lang_path_traversal>(https://docs.bearer.com/reference/rules/javascript_lang_path_traversal)
(Rule description and remediations identical to the javascript_lang_path_traversal annotation for line 61 above.)
Raw output (location fields; message identical to the javascript_lang_path_traversal rule text under line 61 above)
location: .github/workflows/scripts/collect-coverage.mts 63:9-63:45 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_path_traversal (https://docs.bearer.com/reference/rules/javascript_lang_path_traversal)
Check failure on line 44 in .github/workflows/scripts/collect-benchmarks.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-benchmarks.mts#L44 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
# Leakage of information in logger message
## Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
## Remediations
- **Do not** include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
```javascript
logger.info(`Results: ${data}`) // unsafe
```
- **Do** use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
Raw output
message:"\n# Leakage of information in logger message\n## Description\n\nInformation leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.\n\n## Remediations\n\n- **Do not** include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.\n ```javascript\n logger.info(`Results: ${data}`) // unsafe\n ```\n- **Do** use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments." location:{path:".github/workflows/scripts/collect-benchmarks.mts" range:{start:{line:44 column:3} end:{line:44 column:62}}} severity:ERROR source:{name:"Bearer" url:"https://docs.bearer.com/"} code:{value:"javascript_lang_logger_leak" url:"https://docs.bearer.com/reference/rules/javascript_lang_logger_leak"}
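Bearer flags every interpolation of a dynamic value into a log call; in CI scripts like these that value is usually a result object or captured command output, which can carry the runner's token or other environment secrets. As an added example (not the rule's code and not this PR's scripts), the TypeScript below logs such data through an allowlist projection, key- and pattern-based redaction, and a level gate. The field names, token patterns and sample result are hypothetical and the token is fake.

```typescript
// Keys whose values never reach a log line (hypothetical list; extend for your own secrets).
const SENSITIVE_KEYS = new Set([
  "token", "github_token", "authorization", "password", "secret", "api_key", "apikey",
]);

// Secret-looking substrings inside free text, e.g. the captured stdout of a command.
const SECRET_PATTERNS: RegExp[] = [
  /\bgh[pousr]_[A-Za-z0-9]{20,}\b/g,        // GitHub personal/OAuth/app tokens
  /\bBearer\s+[A-Za-z0-9._~+/=-]{16,}/g,     // HTTP bearer credentials
];

export function redactString(s: string): string {
  return SECRET_PATTERNS.reduce((acc, re) => acc.replace(re, "[REDACTED]"), s);
}

// Walk an arbitrary value: redact by key name and by pattern, bounded by depth.
export function redactValue(value: unknown, depth = 0): unknown {
  if (depth > 8) return "[TRUNCATED]";
  if (typeof value === "string") return redactString(value);
  if (Array.isArray(value)) return value.map((v) => redactValue(v, depth + 1));
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = SENSITIVE_KEYS.has(k.toLowerCase()) ? "[REDACTED]" : redactValue(v, depth + 1);
    }
    return out;
  }
  return value;
}

// Allowlist projection: log only the fields a benchmark summary needs, never the whole result.
const BENCH_FIELDS = ["name", "ops_per_sec", "margin_pct", "samples"] as const;
export function summarizeBenchmark(result: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const k of BENCH_FIELDS) if (k in result) out[k] = result[k];
  return out;
}

const LEVEL_RANK = { debug: 0, info: 1, warn: 2, error: 3 } as const;
export type Level = keyof typeof LEVEL_RANK;

// Build the line that would be emitted, or null when `level` is below `minLevel`.
// Running CI with minLevel "info" means debug dumps of raw results never print.
export function logLine(minLevel: Level, level: Level, msg: string, data?: unknown): string | null {
  if (LEVEL_RANK[level] < LEVEL_RANK[minLevel]) return null;
  const payload = data === undefined ? "" : " " + JSON.stringify(redactValue(data));
  return `[${level}] ${redactString(msg)}${payload}`;
}

// Constructed sample of what a benchmark step might hand to the logger (fake token).
export const SAMPLE_RESULT: Record<string, unknown> = {
  name: "compile-large-schema",
  ops_per_sec: 41.7,
  margin_pct: 1.2,
  samples: 50,
  env: { GITHUB_TOKEN: "ghp_" + "A".repeat(36) },
  stdout: "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload'",
};
```

The flagged pattern, `logger.info(\`Results: ${data}\`)`, is `logLine("info", "info", "Results", SAMPLE_RESULT)` without the redaction step; prefer `summarizeBenchmark` when the log only needs numbers, and keep the redaction as a second line of defence for free-text fields such as captured stdout.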
Check failure on line 45 in .github/workflows/scripts/collect-benchmarks.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-benchmarks.mts#L45 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
(Rule description and remediations identical to the javascript_lang_logger_leak annotation for collect-benchmarks.mts line 44 above.)
Raw output (location fields; message identical to the javascript_lang_logger_leak rule text under collect-benchmarks.mts line 44 above)
location: .github/workflows/scripts/collect-benchmarks.mts 45:3-45:31 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_logger_leak (https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
Check failure on line 87 in .github/workflows/scripts/collect-benchmarks.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-benchmarks.mts#L87 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
(Rule description and remediations identical to the javascript_lang_logger_leak annotation for collect-benchmarks.mts line 44 above.)
Raw output (location fields; message identical to the javascript_lang_logger_leak rule text under collect-benchmarks.mts line 44 above)
location: .github/workflows/scripts/collect-benchmarks.mts 87:5-87:82 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_logger_leak (https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
Check failure on line 23 in .github/workflows/scripts/collect-coverage.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-coverage.mts#L23 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
(Rule description and remediations identical to the javascript_lang_logger_leak annotation for collect-benchmarks.mts line 44 above.)
Raw output (location fields; message identical to the javascript_lang_logger_leak rule text under collect-benchmarks.mts line 44 above)
location: .github/workflows/scripts/collect-coverage.mts 23:5-23:75 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_logger_leak (https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
Check failure on line 243 in .github/workflows/scripts/collect-coverage.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-coverage.mts#L243 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
(Rule description and remediations identical to the javascript_lang_logger_leak annotation for collect-benchmarks.mts line 44 above.)
Raw output (location fields; message identical to the javascript_lang_logger_leak rule text under collect-benchmarks.mts line 44 above)
location: .github/workflows/scripts/collect-coverage.mts 243:5-243:60 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_logger_leak (https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
Check failure on line 256 in .github/workflows/scripts/collect-coverage.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-coverage.mts#L256 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
(Rule description and remediations identical to the javascript_lang_logger_leak annotation for collect-benchmarks.mts line 44 above.)
Raw output (location fields; message identical to the javascript_lang_logger_leak rule text under collect-benchmarks.mts line 44 above)
location: .github/workflows/scripts/collect-coverage.mts 256:3-256:61 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_logger_leak (https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
Check failure on line 258 in .github/workflows/scripts/collect-coverage.mts
reviewdog / rdjson
[Bearer] .github/workflows/scripts/collect-coverage.mts#L258 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
(Rule description and remediations identical to the javascript_lang_logger_leak annotation for collect-benchmarks.mts line 44 above.)
Raw output (location fields; message identical to the javascript_lang_logger_leak rule text under collect-benchmarks.mts line 44 above)
location: .github/workflows/scripts/collect-coverage.mts 258:3-258:31 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_logger_leak (https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
Check failure on line 23 in packages/dbml-parse/__benchmarks__/compiler.benchmark.ts
reviewdog / rdjson
[Bearer] packages/dbml-parse/__benchmarks__/compiler.benchmark.ts#L23 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
(Rule description and remediations identical to the javascript_lang_logger_leak annotation for collect-benchmarks.mts line 44 above.)
Raw output (location fields; message identical to the javascript_lang_logger_leak rule text under collect-benchmarks.mts line 44 above)
location: packages/dbml-parse/__benchmarks__/compiler.benchmark.ts 23:3-23:41 | severity: ERROR | source: Bearer (https://docs.bearer.com/) | code: javascript_lang_logger_leak (https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
Check failure on line 35 in packages/dbml-parse/__benchmarks__/compiler.benchmark.ts
reviewdog / rdjson
[Bearer] packages/dbml-parse/__benchmarks__/compiler.benchmark.ts#L35 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
# Leakage of information in logger message
## Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
## Remediations
- **Do not** include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
```javascript
logger.info(`Results: ${data}`) // unsafe
```
- **Do** use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
Raw output
message:"\n# Leakage of information in logger message\n## Description\n\nInformation leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.\n\n## Remediations\n\n- **Do not** include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.\n ```javascript\n logger.info(`Results: ${data}`) // unsafe\n ```\n- **Do** use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments." location:{path:"packages/dbml-parse/__benchmarks__/compiler.benchmark.ts" range:{start:{line:35 column:3} end:{line:35 column:85}}} severity:ERROR source:{name:"Bearer" url:"https://docs.bearer.com/"} code:{value:"javascript_lang_logger_leak" url:"https://docs.bearer.com/reference/rules/javascript_lang_logger_leak"}
Check failure on line 39 in packages/dbml-parse/__benchmarks__/compiler.benchmark.ts
reviewdog / rdjson
[Bearer] packages/dbml-parse/__benchmarks__/compiler.benchmark.ts#L39 <javascript_lang_logger_leak>(https://docs.bearer.com/reference/rules/javascript_lang_logger_leak)
# Leakage of information in logger message
## Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
## Remediations
- **Do not** include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
```javascript
logger.info(`Results: ${data}`) // unsafe
```
- **Do** use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
Raw output
message:"\n# Leakage of information in logger message\n## Description\n\nInformation leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.\n\n## Remediations\n\n- **Do not** include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.\n ```javascript\n logger.info(`Results: ${data}`) // unsafe\n ```\n- **Do** use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments." location:{path:"packages/dbml-parse/__benchmarks__/compiler.benchmark.ts" range:{start:{line:39 column:1} end:{line:39 column:77}}} severity:ERROR source:{name:"Bearer" url:"https://docs.bearer.com/"} code:{value:"javascript_lang_logger_leak" url:"https://docs.bearer.com/reference/rules/javascript_lang_logger_leak"}