joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mask sensitive information when logging (#1790)

Browse Source
This commit is contained in:
Marco Cheung
2016-05-18 04:15:44 +08:00
committed by Drew
parent b40e16647b
commit 40965186c0
2 changed files with 89 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
spec/FileLoggerAdapter.spec.js
View File

@@ -1,5 +1,8 @@
'use strict';
var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter;
var Parse = require('parse/node').Parse;
var request = require('request');
describe('info logs', () => {
@@ -45,3 +48,55 @@ describe('error logs', () => {
});
});
});
describe('verbose logs', () => {
it("mask sensitive information in _User class", (done) => {
let customConfig = Object.assign({}, defaultConfiguration, {verbose: true});
setServerConfiguration(customConfig);
createTestUser().then(() => {
let fileLoggerAdapter = new FileLoggerAdapter();
return fileLoggerAdapter.query({
from: new Date(Date.now() - 500),
size: 100,
level: 'verbose'
});
}).then((results) => {
expect(results[1].message.includes('"password": "********"')).toEqual(true);
var headers = {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
};
request.get({
headers: headers,
url: 'http://localhost:8378/1/login?username=test&password=moon-y'
}, (error, response, body) => {
let fileLoggerAdapter = new FileLoggerAdapter();
return fileLoggerAdapter.query({
from: new Date(Date.now() - 500),
size: 100,
level: 'verbose'
}).then((results) => {
expect(results[1].message.includes('password=********')).toEqual(true);
done();
});
});
});
});
it("should not mask information in non _User class", (done) => {
let obj = new Parse.Object('users');
obj.set('password', 'pw');
obj.save().then(() => {
let fileLoggerAdapter = new FileLoggerAdapter();
return fileLoggerAdapter.query({
from: new Date(Date.now() - 500),
size: 100,
level: 'verbose'
});
}).then((results) => {
expect(results[1].message.includes('"password": "pw"')).toEqual(true);
done();
});
});
});

36
src/PromiseRouter.js
View File

@@ -6,6 +6,7 @@
// components that external developers may be modifying.
import express from 'express';
import url from 'url';
import log from './logger';
export default class PromiseRouter {
@@ -154,8 +155,8 @@ export default class PromiseRouter {
function makeExpressHandler(promiseHandler) {
return function(req, res, next) {
try {
log.verbose(req.method, req.originalUrl, req.headers,
JSON.stringify(req.body, null, 2));
log.verbose(req.method, maskSensitiveUrl(req), req.headers,
JSON.stringify(maskSensitiveBody(req), null, 2));
promiseHandler(req).then((result) => {
if (!result.response && !result.location && !result.text) {
log.error('the handler did not include a "response" or a "location" field');
@@ -194,3 +195,34 @@ function makeExpressHandler(promiseHandler) {
}
}
}
function maskSensitiveBody(req) {
let maskBody = Object.assign({}, req.body);
let shouldMaskBody = (req.method === 'POST' && req.originalUrl.endsWith('/users')
&& !req.originalUrl.includes('classes')) ||
(req.method === 'PUT' && /users\/\w+$/.test(req.originalUrl)
&& !req.originalUrl.includes('classes')) ||
(req.originalUrl.includes('classes/_User'));
if (shouldMaskBody) {
for (let key of Object.keys(maskBody)) {
if (key == 'password') {
maskBody[key] = '********';
break;
}
}
}
return maskBody;
}
function maskSensitiveUrl(req) {
let maskUrl = req.originalUrl.toString();
let shouldMaskUrl = req.method === 'GET' && req.originalUrl.includes('/login')
&& !req.originalUrl.includes('classes');
if (shouldMaskUrl) {
let password = url.parse(req.originalUrl, true).query.password;
if (password) {
maskUrl = maskUrl.replace('password=' + password, 'password=********')
}
}
return maskUrl;
}