Posted to commits@couchdb.apache.org by gl...@apache.org on 2021/01/12 13:54:06 UTC
[couchdb-nano] 02/04: ensure creds are scrubbed from logged messages
This is an automated email from the ASF dual-hosted git repository.
glynnbird pushed a commit to branch 9.0.2prep
in repository https://gitbox.apache.org/repos/asf/couchdb-nano.git
commit 4c8bf11db8928ccc9fccc55fb7ef1306f3d5b549
Author: Glynn Bird <gl...@apache.org>
AuthorDate: Mon Jan 11 17:03:24 2021 +0000
ensure creds are scrubbed from logged messages
---
lib/nano.js | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/lib/nano.js b/lib/nano.js
index 0d1c666..4abeacf 100644
--- a/lib/nano.js
+++ b/lib/nano.js
@@ -23,6 +23,7 @@ const http = require('http')
const https = require('https')
const pkg = require('../package.json')
const AGENT_DEFAULTS = { keepAlive: true, maxSockets: 50, keepAliveMsecs: 30000 }
+const SCRUBBED_STR = 'XXXXXX'
const defaultHttpAgent = new http.Agent(AGENT_DEFAULTS)
const defaultHttpsAgent = new https.Agent(AGENT_DEFAULTS)
const ChangesReader = require('./changesreader.js')
@@ -94,9 +95,9 @@ module.exports = exports = function dbScope (cfg) {
}
}
- function scrub (str) {
+ function scrubURL (str) {
if (str) {
- str = str.replace(/\/\/(.*)@/, '//XXXXXX:XXXXXX@')
+ str = str.replace(/\/\/(.*)@/, `//${SCRUBBED_STR}:${SCRUBBED_STR}@`)
}
return str
}
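Review bot: `scrubURL` has no comment stating what its pattern covers, and `/\/\/(.*)@/` is greedy: it replaces everything between `//` and the last `@` in the string, so an `@` in a path or query also removes the host and path from the logged URL. That errs towards hiding too much rather than leaking, so I would keep the pattern and document it, e.g. `// greedy: everything from '//' to the last '@' is replaced, which can also hide the host when the path or query contains '@'`. The function also assumes `str` is a string; a truthy non-string value would throw on `.replace`.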
@@ -149,8 +150,6 @@ module.exports = exports = function dbScope (cfg) {
return
}
- log({ err: 'couch', body: body, headers: responseHeaders })
-
// cloudant stacktrace
if (typeof body === 'string') {
body = { message: body }
@@ -164,12 +163,14 @@ module.exports = exports = function dbScope (cfg) {
delete body.stack
// scrub credentials
- req.url = scrub(req.url)
- responseHeaders.url = scrub(responseHeaders.url)
+ req.url = scrubURL(req.url)
+ responseHeaders.uri = scrubURL(responseHeaders.uri)
if (req.headers.cookie) {
req.headers.cookie = 'XXXXXXX'
}
+ log({ err: 'couch', body: body, headers: responseHeaders })
+
const message = body.message || 'couch returned ' + statusCode
const errors = new Error(message)
errors.scope = 'couch'
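Review bot: The relocated `log({ err: 'couch', body: body, headers: responseHeaders })` emits `responseHeaders` with only `uri` scrubbed; that object is built outside this hunk, but if it carries the server's response headers, a `set-cookie` value holding a session token would reach the log. Logging a masked copy keeps the object handed to callers intact, for example `const loggedHeaders = Object.assign({}, responseHeaders)` followed by `if (loggedHeaders['set-cookie']) loggedHeaders['set-cookie'] = SCRUBBED_STR`. The cookie mask a few lines up still uses the literal `'XXXXXXX'`; `req.headers.cookie = SCRUBBED_STR` would leave a single marker for log consumers to search for. The enclosing function starts and ends outside the hunk.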
@@ -251,7 +252,7 @@ module.exports = exports = function dbScope (cfg) {
}, cfg.requestDefaults)
// https://github.com/mikeal/request#requestjar
- const isJar = opts.jar || cfg.jar
+ const isJar = opts.jar || cfg.jar || (cfg.requestDefaults && cfg.requestDefaults.jar)
if (isJar) {
req.jar = cookieJar
@@ -343,7 +344,6 @@ module.exports = exports = function dbScope (cfg) {
// ?drilldown=["author","Dickens"]&drilldown=["publisher","Penguin"]
req.qsStringifyOptions = { arrayFormat: 'repeat' }
- log(req)
cfg.cookies = cookieJar.getCookiesSync(cfg.url)
// This where the HTTP request is made.
@@ -368,6 +368,15 @@ module.exports = exports = function dbScope (cfg) {
req.httpAgent = cfg.requestDefaults.agent || defaultHttpAgent
req.httpsAgent = cfg.requestDefaults.agent || defaultHttpsAgent
+ // scrub and log
+ const scrubbedReq = JSON.parse(JSON.stringify(req))
+ scrubbedReq.url = scrubURL(scrubbedReq.url)
+ if (scrubbedReq.auth) {
+ scrubbedReq.auth.username = SCRUBBED_STR
+ scrubbedReq.auth.password = SCRUBBED_STR
+ }
+ log(scrubbedReq)
+
// actually do the HTTP request
if (opts.stream) {
// return the Request object for streaming
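Review bot: The logged copy masks `url` and `auth` but not the headers, although the error path shown earlier in this diff masks `req.headers.cookie`; without the same step here, a session cookie (or an `authorization` header, if one is set) is written by `log(scrubbedReq)`. Adding `if (scrubbedReq.headers && scrubbedReq.headers.cookie) { scrubbedReq.headers.cookie = SCRUBBED_STR }` before the log call would close that gap; a request body that carries credentials may need the same treatment, though its shape is not visible here. Separately, `JSON.parse(JSON.stringify(req))` runs after `req.httpAgent` and `req.httpsAgent` are assigned, so both agents are serialised on every request, and `JSON.stringify` throws on cyclic structures, which live socket state inside an agent may contain. Moving this block above the two agent assignments avoids both the cost and that failure mode. The enclosing function continues outside the hunk.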