Obfuscate password name value pairs in log strings (#2755)

* Unit test to catch password in logs. * Add clean to logger controller to "look for" password strings in log messages.
2016-09-20 21:45:24 -04:00
parent 5feceaa6d6
commit ad707457be
4 changed files with 33 additions and 7 deletions
--- a/src/Controllers/LoggerController.js
+++ b/src/Controllers/LoggerController.js
@@ -61,6 +61,14 @@ export class LoggerController extends AdaptableController {
    return null;
  }

+  cleanAndTruncateLogMessage(string) {
+    return this.truncateLogMessage(this.cleanLogMessage(string));
+  }
+
+  cleanLogMessage(string) {
+    return string.replace(/password":"[^"]*"/g, 'password":"********"');
+  }
+
  truncateLogMessage(string) {
    if (string && string.length > LOG_STRING_TRUNCATE_LENGTH) {
      const truncated = string.substring(0, LOG_STRING_TRUNCATE_LENGTH) + truncationMarker;
--- a/src/Routers/FunctionsRouter.js
+++ b/src/Routers/FunctionsRouter.js
@@ -103,7 +103,7 @@ export class FunctionsRouter extends PromiseRouter {
    const applicationId = req.config.applicationId;
    const theFunction = triggers.getFunction(functionName, applicationId);
    const theValidator = triggers.getValidator(req.params.functionName, applicationId);
-    if (theFunction) {      
+    if (theFunction) {
      let params = Object.assign({}, req.body, req.query);
      params = parseParams(params);
      var request = {
@@ -125,10 +125,10 @@ export class FunctionsRouter extends PromiseRouter {

      return new Promise(function (resolve, reject) {
        const userString = (req.auth && req.auth.user) ? req.auth.user.id : undefined;
-        const cleanInput = logger.truncateLogMessage(JSON.stringify(params));
+        const cleanInput = logger.cleanAndTruncateLogMessage(JSON.stringify(params));
        var response = FunctionsRouter.createResponseObject((result) => {
          try {
-            const cleanResult = logger.truncateLogMessage(JSON.stringify(result.response.result));
+            const cleanResult = logger.cleanAndTruncateLogMessage(JSON.stringify(result.response.result));
            logger.info(`Ran cloud function ${functionName} for user ${userString} `
              + `with:\n  Input: ${cleanInput }\n  Result: ${cleanResult }`, {
              functionName,
--- a/src/triggers.js
+++ b/src/triggers.js
@@ -212,7 +212,7 @@ function userIdForLog(auth) {
 }

 function logTriggerAfterHook(triggerType, className, input, auth) {
-  const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
+  const cleanInput = logger.cleanAndTruncateLogMessage(JSON.stringify(input));
  logger.info(`${triggerType} triggered for ${className} for user ${userIdForLog(auth)}:\n  Input: ${cleanInput}`, {
    className,
    triggerType,
@@ -221,8 +221,8 @@ function logTriggerAfterHook(triggerType, className, input, auth) {
 }

 function logTriggerSuccessBeforeHook(triggerType, className, input, result, auth) {
-  const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
-  const cleanResult = logger.truncateLogMessage(JSON.stringify(result));
+  const cleanInput = logger.cleanAndTruncateLogMessage(JSON.stringify(input));
+  const cleanResult = logger.cleanAndTruncateLogMessage(JSON.stringify(result));
  logger.info(`${triggerType} triggered for ${className} for user ${userIdForLog(auth)}:\n  Input: ${cleanInput}\n  Result: ${cleanResult}`, {
    className,
    triggerType,
@@ -231,7 +231,7 @@ function logTriggerSuccessBeforeHook(triggerType, className, input, result, auth
 }

 function logTriggerErrorBeforeHook(triggerType, className, input, auth, error) {
-  const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
+  const cleanInput = logger.cleanAndTruncateLogMessage(JSON.stringify(input));
  logger.error(`${triggerType} failed for ${className} for user ${userIdForLog(auth)}:\n  Input: ${cleanInput}\n  Error: ${JSON.stringify(error)}`, {
    className,
    triggerType,