Open vodolaz095 opened 7 years ago
There is also frontend code for Sentry reports. There is a CSP report endpoint.
Sentry - https://sentry.io/starlight-group/node-api/settings/keys/ Including report uri and CSP report page https://github.com/starlightgroup/flash2/blob/4949d508618195ca1e7c8d24f3e3862816ed6d7e/api/middlewares/csp.js#L124-L124
for Loggly - https://starlightgroup.loggly.com/tokens
There are these values in config for autopilot, leadoutpost, sentry, loggly, segment: https://github.com/starlightgroup/flash2/blob/master/server-config.js
How can it be dangerous?
Moderate. Attackers can spam logs and analytics with meaningless errors, tampering with developers' work - because they need to see fake errors and can miss real errors
How to fix?
Regenerate all tokens. They can all be stored in code freely - they give write-only access.
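
Added example, not part of the original issue or the flash2 code: one way a CSP report endpoint could drop malformed, foreign-origin and flooding reports before forwarding them to the error tracker, which limits the log-spam risk described above. `createReportFilter`, the host name `shop.example`, the client addresses and the limits are hypothetical.

```javascript
// Added example: filter for incoming CSP violation reports before they are
// forwarded to an error tracker. Host names and limits are constructed values.
function createReportFilter({ allowedHosts, maxPerWindow = 5, windowMs = 60000 }) {
  const hits = new Map(); // clientIp -> timestamps of accepted reports

  return function accept(body, clientIp, now = Date.now()) {
    const report = body && body['csp-report'];
    if (!report || typeof report !== 'object') {
      return { ok: false, reason: 'malformed' };
    }
    const directive = report['violated-directive'];
    if (typeof directive !== 'string' || directive.length === 0 || directive.length > 200) {
      return { ok: false, reason: 'bad-directive' };
    }
    let host;
    try {
      // Throws on a missing or unparseable document-uri.
      host = new URL(report['document-uri']).hostname;
    } catch (e) {
      return { ok: false, reason: 'bad-document-uri' };
    }
    if (!allowedHosts.includes(host)) {
      return { ok: false, reason: 'foreign-origin' };
    }
    // Sliding window: keep only this client's timestamps inside the window.
    const recent = (hits.get(clientIp) || []).filter((t) => now - t < windowMs);
    if (recent.length >= maxPerWindow) {
      hits.set(clientIp, recent);
      return { ok: false, reason: 'rate-limited' };
    }
    recent.push(now);
    hits.set(clientIp, recent);
    return { ok: true, reason: 'accepted' };
  };
}

// Constructed sample reports (not taken from any real log).
const genuine = { 'csp-report': { 'document-uri': 'https://shop.example/cart', 'violated-directive': 'script-src' } };
const foreign = { 'csp-report': { 'document-uri': 'https://other.example/', 'violated-directive': 'script-src' } };
const accept = createReportFilter({ allowedHosts: ['shop.example'], maxPerWindow: 2 });
console.log(accept(genuine, '203.0.113.7'), accept(foreign, '203.0.113.7'));
```

`document-uri` is supplied by the client, so the host check removes only low-effort noise; the per-client limit is what bounds the volume.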