Scrub Passwords with URL Encoded Characters (#4433)

* scrub passwords with url encoded characters from logs

* compose query string from parsed params, redacting based on key if needed
Benjamin Wilson Friedman
2017-12-29 10:16:32 -08:00
committed by Florent Vilmart
parent 04f8673edd
commit 7a9d4044af
2 changed files with 106 additions and 4 deletions


@@ -46,12 +46,25 @@ export class LoggerController extends AdaptableController {
}
maskSensitiveUrl(urlString) {
const password = url.parse(urlString, true).query.password;
const urlObj = url.parse(urlString, true);
const query = urlObj.query;
let sanitizedQuery = '?';
if (password) {
urlString = urlString.replace('password=' + password, 'password=********');
for(const key in query) {
if(key !== 'password') {
// normal value
sanitizedQuery += key + '=' + query[key] + '&';
} else {
// password value, redact it
sanitizedQuery += key + '=' + '********' + '&';
}
}
return urlString;
// trim last character, ? or &
sanitizedQuery = sanitizedQuery.slice(0, -1);
// return original path name with sanitized params attached
return urlObj.pathname + sanitizedQuery;
}
maskSensitive(argArray) {
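Review bot: The rebuilt query string in `maskSensitiveUrl` concatenates the keys and values that `url.parse(urlString, true)` has already decoded, without re-encoding them, so a parameter carrying `%0A`, `%26` or `%3D` reaches the log as a literal newline, `&` or `=`. Request input can then split a log line or blur where one parameter ends and the next begins. Re-encode on output, e.g. `sanitizedQuery += encodeURIComponent(key) + '=' + encodeURIComponent(query[key]) + '&';`, or overwrite `query.password` and let `url.format({ pathname: urlObj.pathname, query })` serialise the result. The test `key !== 'password'` is exact and case-sensitive, so a short comment stating which parameter names are meant to be redacted would help the next reader. `maskSensitiveUrl` is complete within the hunk; `maskSensitive` starts on its last line and continues outside it.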