sdk-php icon indicating copy to clipboard operation
sdk-php copied to clipboard
verified publisher icon AuthorizeNet

SDK is logging sensitive data - transactionKey

Open safrick opened this issue 1 year ago • 0 comments

The transactionKey value is being logged by authorizenet/authorizenet/lib/net/authorize/util/HttpClient.php : 77.

Using: sdk-php-2.0.3 per composer, although the SDK reports 2.0.2 via vendor/authorizenet/authorizenet/lib/net/authorize/api/constants/ANetEnvironment.php.

Note. vendor/authorizenet/authorizenet/lib/net/authorize/util/AuthorizedNetSensitiveTagsConfig.json does exist and it does contain: { "tagName": "transactionKey", "pattern": "", "replacement": "", "disableMask": false }

Log Message (with mostly all values cleared for this issue report): [_sendRequest] (vendor/authorizenet/authorizenet/lib/net/authorize/util/HttpClient.php : 77) - Request to AnetApi: {"ARBUpdateSubscriptionRequest":{"merchantAuthentication":{"name":"","transactionKey":""},"clientId":"sdk-php-2.0.2","refId":"","subscriptionId":"","subscription":{"name":"Monthly Subscription"}}}

safrick avatar Jul 01 '24 18:07 safrick