Remove sensitive console logs that expose user data (Issue #273) #320

Open
anshul23102 wants to merge 2 commits into indresh404:main from anshul23102:fix/273-remove-console-logs

@anshul23102
Contributor

Summary

Removes all console.log, console.warn, and console.error statements that expose sensitive user data and internal system details.

Problem

Console logs expose sensitive information during app operations:

  • User UIDs and GitHub usernames in logs
  • Streak and points data logged to browser console
  • Authentication status visible in logs
  • Error messages containing sensitive details
  • Login/logout activity patterns logged

Information exposure through:

  • Browser DevTools (Dev Tools accessible to XSS attacks)
  • Error tracking and analytics services
  • Log aggregation tools capturing console output
  • Third-party monitoring and debugging tools
  • Browser history and debugging sessions

Solution

Removed all console statements that log sensitive data:

  • Removed console.log of user streak updates
  • Removed console.error from auth operations
  • Removed console.warn for configuration issues
  • Removed console.error from sign-in errors
  • Removed console.error from sign-out operations
  • Removed console.warn from analytics failures

Silent error handling:

  • Non-critical errors fail silently
  • No data exposure through error messages
  • User-friendly errors still thrown for important operations
  • Internal error details not logged

Changes

Modified Files:

  • src/context/AuthContext.jsx: Removed 4 console statements
  • src/lib/firebase.js: Removed 3 console statements

Logs Removed:

  1. Streak update success logs with user data
  2. Real-time listener error logs
  3. Login failure error logs
  4. Logout failure error logs
  5. Firebase config warning logs
  6. Analytics initialization error logs
  7. GitHub sign-in error logs

Security Benefits

Prevents Data Exposure:

  • No user data accessible via console
  • No authentication patterns visible
  • No internal system details logged
  • Error details not exposed to analytics

Reduces Attack Surface:

  • XSS attackers cannot read console data
  • Third-party services cannot capture user data
  • Log aggregation tools see no sensitive info
  • Debugging sessions reveal no user details

Testing Strategy

  • Login and verify no user data in console
  • Check streak updates do not log
  • Verify logout completes silently
  • Test error scenarios with no console output
  • Check DevTools shows no sensitive data
  • Verify analytics tools receive no user data
  • Test with third-party monitoring tools

Files Modified

  • Modified: src/context/AuthContext.jsx (removed 4 logs)
  • Modified: src/lib/firebase.js (removed 3 logs)

Fixes #273

Removes all console.log, console.warn, and console.error statements that
could expose sensitive user information or internal system details.

Removed logs that expose:
- User streak and points data
- User authentication status
- Firebase configuration warnings
- GitHub authentication errors
- Error stack traces with system details
- Login/logout activity patterns

Prevents data exposure through:
- Browser DevTools in development
- Analytics and error tracking services
- CSP violations and security headers
- Third-party monitoring tools

Keeps error handling intact by silently catching non-critical errors
and properly throwing user-friendly errors for important operations.

Fixes issue indresh404#273
@anshul23102 anshul23102 requested a review from indresh404 as a code owner June 4, 2026 10:53

@github-actions github-actions Bot added the labels backend, bug, frontend, gssoc, gssoc26, nsoc, NSoC'26 and pending-review on Jun 4, 2026
@anshul23102
Contributor Author

Please add relevant labels:

  • type/security
  • severity/medium
  • area/privacy
  • nsoc
  • gssoc26

These help with tracking and prioritization. Thank you!

After removing the sensitive console logs, several catch blocks were left
either rethrowing without any added behavior or binding an error variable
that is no longer referenced, which failed the eslint check
(no-useless-catch) and raised no-unused-vars warnings.

Removed the redundant try/catch wrapper in signOutUser so signOut errors
propagate directly, and switched the remaining log-free catch blocks to
optional catch binding. The onSnapshot error callback argument is renamed
to _error to match the allowed unused-argument pattern.

eslint now reports zero errors and zero warnings, and the build passes.
@anshul23102
Contributor Author

Resolved the failing Lint Check. After removing the sensitive console logs, signOutUser was left with a useless try/catch (no-useless-catch) and a few catch blocks had unused bindings. Removed the redundant wrapper and switched the remaining log-free catches to optional catch binding. npx eslint . now reports zero errors and zero warnings, and npm run build passes.
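
The catch-block pattern described in this fix, together with a console spy for the "no console output" checks in the Testing Strategy, as an added example that is not code from this PR or the project. `fakeAuth`, `failingAnalyticsInit`, `safeInitAnalytics`, `makeListenerErrorHandler`, `captureConsole` and `runErrorScenarios` are hypothetical names, and the Firebase calls are replaced by constructed stand-ins:

```javascript
// Constructed stand-ins for the Firebase calls (assumptions, not the project's code).
const fakeAuth = { signOut: async () => { throw new Error("sign-out failed for uid=abc123"); } };
const failingAnalyticsInit = () => { throw new Error("analytics unsupported"); };

// No try/catch wrapper: a rejection propagates to the caller unchanged.
async function signOutUser(auth) {
  await auth.signOut();
}

// Non-critical failure: optional catch binding, nothing is logged.
function safeInitAnalytics(init) {
  try {
    return init();
  } catch {
    return null;
  }
}

// Listener error callback: the unused argument is named _error.
const makeListenerErrorHandler = (onFailure) => (_error) => onFailure();

// Records every console.log/warn/error call made while fn runs, then restores them.
async function captureConsole(fn) {
  const calls = [];
  const saved = {};
  for (const m of ["log", "warn", "error"]) {
    saved[m] = console[m];
    console[m] = (...args) => calls.push({ method: m, args });
  }
  try {
    await fn();
  } finally {
    Object.assign(console, saved);
  }
  return calls;
}

// Drives the three error paths and reports what reached the console.
async function runErrorScenarios() {
  let signOutRejected = false;
  let listenerFailed = false;
  const calls = await captureConsole(async () => {
    try { await signOutUser(fakeAuth); } catch { signOutRejected = true; }
    safeInitAnalytics(failingAnalyticsInit);
    makeListenerErrorHandler(() => { listenerFailed = true; })(new Error("permission-denied"));
  });
  return { consoleCalls: calls.length, signOutRejected, listenerFailed };
}
```

`runErrorScenarios()` resolves to a zero `consoleCalls` count while the sign-out rejection still reaches the caller, so the UI can show its own user-facing message.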

@anshul23102
Contributor Author

Suggested Labels

For maintainer review and categorization:

  • security (Data privacy/security)
  • frontend (Frontend logging)
  • backend (Backend logging)
  • level:intermediate (Intermediate complexity)

Removes sensitive console logs that expose user data and personal information.

@indresh404
Owner

fix conflict

Labels

backend, bug, frontend, gssoc, gssoc26, level3, nsoc, NSoC'26, pending-review

Development

Successfully merging this pull request may close these issues.

Security: Console logs expose user data including UIDs, GitHub usernames, and personal information during app operations
