sanitize improvements (#169)

salesforce · Dec 14, 2018 · fa1604b · fa1604b
1 parent 774e0ba
commit fa1604b
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 12 deletions.
diff --git a/src/heartbeat/utils.js b/src/heartbeat/utils.js
@@ -113,8 +113,8 @@ function assignContext(ctx, def, collectorToken, res) {
  */
 function setupRepeater(generator) {
   const genIsBulk = commonUtils.isBulk(generator);
-  debug('setupRepeater (%s) for generator %O',
-    genIsBulk ? 'bulk' : 'by subject', sanitize(generator));
+  debug('setupRepeater (%s) for generator %O', genIsBulk ? 'bulk' : 'by subject',
+    sanitize(generator, ['token', 'context']));
   const collFunc = genIsBulk ? collectBulk : collectBySubject;
   const handlerFunc =
     genIsBulk ? handleCollectResponseBulk : handleCollectResponseBySubject;
@@ -161,7 +161,7 @@ function addGenerators(res) {
           err.message);
       }
 
-      debug('Generator added: %O', sanitize(g));
+      debug('Generator added: %O', sanitize(g, ['token', 'context']));
     });
   } else {
     debug('No generators to add.');
@@ -229,7 +229,7 @@ function updateGenerators(res) {
           err.message);
       }
 
-      debug('Generator updated: %O', sanitize(g));
+      debug('Generator updated: %O', sanitize(g, ['token', 'context']));
     });
   } else {
     debug('No generators to update.');

diff --git a/src/utils/commonUtils.js b/src/utils/commonUtils.js
@@ -144,23 +144,27 @@ module.exports = {
       return object;
     }
 
-    function doTraverse(obj) {
+    function doTraverse(obj, keysToSanitize, sanitizeAll=false) {
       if (obj) {
-        keys.forEach((key) => {
-          if (obj.hasOwnProperty(key) && typeof obj[key] === 'string') {
-            obj[key] = '...' + obj[key].slice(-5);
+        Object.entries(obj).forEach(([key, val]) => {
+          const doSanitize = keysToSanitize.includes(key) || sanitizeAll;
+          if (typeof val === 'string' && doSanitize) {
+            obj[key] = '...' + val.slice(-5);
+          } else if (typeof val === 'object' && !Array.isArray(val)) {
+            if (doSanitize) {
+              doTraverse(val, [], true);
+            } else {
+              doTraverse(val, keysToSanitize);
+            }
           }
         });
-        Object.keys(obj)
-        .filter((k) => typeof obj[k] === 'object' && !Array.isArray(obj[k]))
-        .forEach((k) => obj[k] = doTraverse(obj[k]));
       }
 
       return obj;
     }
 
     let sanitized = JSON.parse(JSON.stringify(object)); // copy
-    sanitized = doTraverse(sanitized);
+    sanitized = doTraverse(sanitized, keys);
     return sanitized;
   }, // sanitize
 

diff --git a/test/utils/commonUtils.js b/test/utils/commonUtils.js
@@ -99,6 +99,39 @@ describe('test/utils/commonUtils.js >', () => {
       });
       done();
     });
+
+    it('ok, sanitize entire object', (done) => {
+      const obj = {
+        accessToken: 'a310u',
+        username: 'refocus-collector-user',
+        somethingNested: {
+          a: 1,
+          b: [3, 4, 5],
+          bearerToken: 'qwertyuiop',
+          anotherToken: '1234567890123456789012345678901234567890',
+          nested2: {
+            nestedToken: '--------------------',
+          },
+        },
+      };
+
+      const sanitized = sanitize(obj,
+        ['accessToken', 'somethingNested']);
+      expect(sanitized).to.deep.equal({
+        accessToken: '...a310u',
+        username: 'refocus-collector-user',
+        somethingNested: {
+          a: 1,
+          b: [3, 4, 5],
+          bearerToken: '...yuiop',
+          anotherToken: '...67890',
+          nested2: {
+            nestedToken: '...-----',
+          },
+        },
+      });
+      done();
+    });
   });
 
   describe('collector metadata >', () => {