refactor: Remove errorRedactor #626

Open
danielbankhead opened this issue May 23, 2024 · 0 comments
Labels:
- priority: p3 (Desirable enhancement or fix. May not be included in next release.)
- type: feature request (‘Nice-to-have’ improvement, new feature or different behavior or design.)


danielbankhead commented May 23, 2024

It simply does not work well with the open-ended GaxiosOptions & Response types and is pretty unmaintainable. Instead, customers should use a proper data loss prevention (DLP) product for this [example, infotypes].

It has been marked as an @experimental API and thus is not breaking if removed.

gaxios/README.md

Lines 191 to 204 in 56b1410

```ts
/**
 * An experimental, customizable error redactor.
 *
 * Set `false` to disable.
 *
 * @remarks
 *
 * This does not replace the requirement for an active Data Loss Prevention (DLP) provider. For DLP suggestions, see:
 * - https://cloud.google.com/sensitive-data-protection/docs/redacting-sensitive-data#dlp_deidentify_replace_infotype-nodejs
 * - https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#credentials_and_secrets
 *
 * @experimental
 */
errorRedactor?: typeof defaultErrorRedactor | false;
```

gaxios/src/common.ts

Lines 248 to 259 in 56b1410

```ts
/**
 * An experimental error redactor.
 *
 * @remarks
 *
 * This does not replace the requirement for an active Data Loss Prevention (DLP) provider. For DLP suggestions, see:
 * - https://cloud.google.com/sensitive-data-protection/docs/redacting-sensitive-data#dlp_deidentify_replace_infotype-nodejs
 * - https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#credentials_and_secrets
 *
 * @experimental
 */
errorRedactor?: typeof defaultErrorRedactor | false;
```

gaxios/src/common.ts

Lines 392 to 489 in 56b1410

```ts
export function defaultErrorRedactor<T = any>(data: {
  config?: RedactableGaxiosOptions;
  response?: RedactableGaxiosResponse<T>;
}) {
  const REDACT =
    '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.';

  function redactHeaders(headers?: Headers) {
    if (!headers) return;

    for (const key of Object.keys(headers)) {
      // any casing of `Authentication`
      if (/^authentication$/i.test(key)) {
        headers[key] = REDACT;
      }

      // any casing of `Authorization`
      if (/^authorization$/i.test(key)) {
        headers[key] = REDACT;
      }

      // anything containing secret, such as 'client secret'
      if (/secret/i.test(key)) {
        headers[key] = REDACT;
      }
    }
  }

  function redactString(obj: GaxiosOptions, key: keyof GaxiosOptions) {
    if (
      typeof obj === 'object' &&
      obj !== null &&
      typeof obj[key] === 'string'
    ) {
      const text = obj[key];

      if (
        /grant_type=/i.test(text) ||
        /assertion=/i.test(text) ||
        /secret/i.test(text)
      ) {
        obj[key] = REDACT;
      }
    }
  }

  function redactObject<T extends GaxiosOptions['data']>(obj: T) {
    if (typeof obj === 'object' && obj !== null) {
      if ('grant_type' in obj) {
        obj['grant_type'] = REDACT;
      }

      if ('assertion' in obj) {
        obj['assertion'] = REDACT;
      }

      if ('client_secret' in obj) {
        obj['client_secret'] = REDACT;
      }
    }
  }

  if (data.config) {
    redactHeaders(data.config.headers);

    redactString(data.config, 'data');
    redactObject(data.config.data);

    redactString(data.config, 'body');
    redactObject(data.config.body);

    try {
      const url = new URL('', data.config.url);

      if (url.searchParams.has('token')) {
        url.searchParams.set('token', REDACT);
      }

      if (url.searchParams.has('client_secret')) {
        url.searchParams.set('client_secret', REDACT);
      }

      data.config.url = url.toString();
    } catch {
      // ignore error - no need to parse an invalid URL
    }
  }

  if (data.response) {
    defaultErrorRedactor({config: data.response.config});
    redactHeaders(data.response.headers);

    redactString(data.response, 'data');
    redactObject(data.response.data);
  }

  return data;
}
```

An internal bug is blocking this feature request - await its resolution first.
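
An added example, not part of the original issue or the gaxios source: a canary check that shows which credential-like fields a key-name redactor leaves in an error object. `redactLikeDefault` is a condensed port of the matching rules in the snippet above (it omits `body` and the `response` pass); `findLeaks`, `sampleConfig` and the `CANARY-` values are constructed for illustration.

```javascript
// Condensed port of the matching rules shown above (config.headers, config.data, config.url).
const REDACT = '<<REDACTED>>'; // shortened placeholder, not the library's message

function redactLikeDefault(config) {
  const out = JSON.parse(JSON.stringify(config)); // work on a copy, leave the input intact
  for (const key of Object.keys(out.headers ?? {})) {
    if (/^authentication$/i.test(key) || /^authorization$/i.test(key) || /secret/i.test(key)) {
      out.headers[key] = REDACT;
    }
  }
  if (typeof out.data === 'string') {
    if (/grant_type=|assertion=|secret/i.test(out.data)) out.data = REDACT;
  } else if (typeof out.data === 'object' && out.data !== null) {
    for (const key of ['grant_type', 'assertion', 'client_secret']) {
      if (key in out.data) out.data[key] = REDACT; // top-level keys only
    }
  }
  try {
    const url = new URL(out.url);
    for (const param of ['token', 'client_secret']) {
      if (url.searchParams.has(param)) url.searchParams.set(param, REDACT);
    }
    out.url = url.toString();
  } catch {
    // invalid URL: left as-is
  }
  return out;
}

// Walk the redacted structure and report every path where a canary value survived.
function findLeaks(value, canary, path = '$') {
  if (typeof value === 'string') return value.includes(canary) ? [path] : [];
  if (typeof value !== 'object' || value === null) return [];
  return Object.entries(value).flatMap(([k, v]) => findLeaks(v, canary, `${path}.${k}`));
}

// Constructed request config; every credential-like value carries the CANARY- marker.
const sampleConfig = {
  url: 'https://api.example.test/v1/items?access_token=CANARY-url&token=CANARY-token',
  headers: {Authorization: 'Bearer CANARY-authz', 'X-Api-Key': 'CANARY-apikey', Cookie: 'sid=CANARY-cookie'},
  data: {client_secret: 'CANARY-top', credentials: {client_secret: 'CANARY-nested'}, password: 'CANARY-pw'},
};

function auditSample() {
  return findLeaks(redactLikeDefault(sampleConfig), 'CANARY-');
}

console.log(auditSample());
```

On this input the walk reports `$.url`, `$.headers.X-Api-Key`, `$.headers.Cookie`, `$.data.credentials.client_secret` and `$.data.password` as still carrying a canary, while `Authorization`, the top-level `client_secret` and the `token` query parameter are redacted.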
