Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(logging): avoid logging sensitive param values (#31522)
Summary: We noticed that by default when the RootView / ReactView calls runApplication, we're logging at an info level any props ("params") passed to that component. In our case, one of these props was sensitive in nature, causing the value to leak out in logs for our release builds. This is especially problematic on Android where device logs can be accessed by any app which requests that permission. This is probably more of a concern for brownfield react-native apps, but it seems worthwhile locking this down in non-dev builds. ## Changelog <!-- Help reviewers and the release process by writing your own changelog entry. For an example, see: https://github.com/facebook/react-native/wiki/Changelog --> [General] [Security] - Avoiding logging root view params outside of dev / debug mode builds Pull Request resolved: #31522 Test Plan: * build app in release mode on Android and verified I could not see: `Running "my app" with { sensitive: 'thing' }` in logcat in Android Studio with a tethered device Reviewed By: yungsters Differential Revision: D31064902 Pulled By: charlesbdudley fbshipit-source-id: 8b10a46d92a9ec44243dd74384299087260c7d83
- Loading branch information