joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move password masking out of logging clients where possible (#2762)

Browse Source 
Move password masking functionality into LoggerController.

The is a more aggresive approach to masking password string in the logs.

Cleaning the url is still in the PromiseRouter because picking it out of the log string
would be fragile.

This will cause more log messages to be scanned for password strings, and may cause a password
string to be obsfucated that is not neccesarily part of parse internals -- but i think that is
still a good thing....

see: #2755 & #2680
This commit is contained in:
Arthur Cinader
2016-09-22 12:05:54 -07:00
committed by Florent Vilmart
parent ad707457be
commit a41cbcbc7f
5 changed files with 50 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/triggers.js
View File

@@ -212,7 +212,7 @@ function userIdForLog(auth) {
}
function logTriggerAfterHook(triggerType, className, input, auth) {
const cleanInput = logger.cleanAndTruncateLogMessage(JSON.stringify(input));
const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
logger.info(`${triggerType} triggered for ${className} for user ${userIdForLog(auth)}:\n Input: ${cleanInput}`, {
className,
triggerType,
@@ -221,8 +221,8 @@ function logTriggerAfterHook(triggerType, className, input, auth) {
}
function logTriggerSuccessBeforeHook(triggerType, className, input, result, auth) {
const cleanInput = logger.cleanAndTruncateLogMessage(JSON.stringify(input));
const cleanResult = logger.cleanAndTruncateLogMessage(JSON.stringify(result));
const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
const cleanResult = logger.truncateLogMessage(JSON.stringify(result));
logger.info(`${triggerType} triggered for ${className} for user ${userIdForLog(auth)}:\n Input: ${cleanInput}\n Result: ${cleanResult}`, {
className,
triggerType,
@@ -231,7 +231,7 @@ function logTriggerSuccessBeforeHook(triggerType, className, input, result, auth
}
function logTriggerErrorBeforeHook(triggerType, className, input, auth, error) {
const cleanInput = logger.cleanAndTruncateLogMessage(JSON.stringify(input));
const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
logger.error(`${triggerType} failed for ${className} for user ${userIdForLog(auth)}:\n Input: ${cleanInput}\n Error: ${JSON.stringify(error)}`, {
className,
triggerType,