Prevent secrets from sending in email #502
Sample file:

```js
// mail_sample.js
const sgMail = require('./packages/mail');
sgMail.setApiKey(process.env.SENDGRID_API_KEY);

/**
any of the following models will work
(string patterns double the backslash: in a JS string literal '\.' is just '.')

sgMail.setSecretRules({
  name: 'apikey_regex',
  pattern: /SG\.[a-zA-Z0-9_]+\.[a-zA-Z0-9-]+/
});

sgMail.setSecretRules({
  name: 'apikey_string',
  pattern: 'SG\\.[a-zA-Z0-9_]+\\.[a-zA-Z0-9-]+'
});

sgMail.setSecretRules(/SG\.[a-zA-Z0-9_]+\.[a-zA-Z0-9-]+/);

sgMail.setSecretRules('SG\\.[a-zA-Z0-9_]+\\.[a-zA-Z0-9-]+');

sgMail.setSecretRules([
  'test',
  /aloha/,
  {
    name: 'apikey_string',
    pattern: 'SG\\.[a-zA-Z0-9_]+\\.[a-zA-Z0-9-]+'
  },
  {
    name: 'apikey_regex',
    pattern: /SG\.[a-zA-Z0-9_]+\.[a-zA-Z0-9-]+/
  }
]);
*/

// The text field carries a key-shaped placeholder to exercise the rules above
const msg = {
  to: 'name@example.com',
  from: 'name@example.com',
  subject: 'Sending with SendGrid is Fun',
  text: 'SG.Xx1XX.Xx1XX-Xx1X-X1xXX-XX11X-XxX and easy to do anywhere, even with Node.js',
  html: '<strong>and easy to do anywhere, even with Node.js</strong>',
};

sgMail.send(msg);
```
Thanks for the PR, @spelcaster! Unfortunately, it looks like some other changes that were merged into the sendgrid-nodejs codebase have resulted in a merge conflict, so we need you to rebase your code. Once your PR applies cleanly to master, please let us know so that we can merge it!
- Added the methods:
  - setSecretRules: user can configure a set of named rules to test the e-mail content;
  - filterSecrets: this method tests all the e-mail content with the rules configured in setSecretRules, nothing is done if secretRules is empty, and if a rule is found in the e-mail content, then an exception is thrown;
- The method filterSecrets is called before the request to the API and should prevent sensitive data leakage;
- The method setSecretRules can now receive an object, a string and an array of string and/or objects, then it will try to standardize the rules to the following structure:

      [
        {
          name: 'rule_name', // optional
          pattern: /pattern/ // required
        }
      ]

- Refactored filterSecrets to use the new secretRules types, changed the exception from string to Error type and the error message is a template string now;
@clee done! I've squashed one of the commits and changed how my variables were declared, I'm using

@spelcaster Awesome! Thanks for taking care of this so quickly. I’ll check with the rest of the team to see how soon we can get this merged.

@clee, Is there any change to be done here yet?

Hi @spelcaster, Everything is good on your end. This is now on our backlog for merge. With Best Regards, Elmer

Hello @spelcaster,
@mbernier edit:
closes #496
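
An added sketch (not code from this PR or from sendgrid-nodejs) of the rule normalization and pre-send check that the commit messages describe. `normalizeRules`, `scanForSecrets`, the `path` argument and the sample messages are assumptions made for the illustration; it goes slightly beyond the description by walking nested fields and by dropping the `g`/`y` flags so a reused rule cannot skip a match.

```javascript
// Added sketch, not the sendgrid-nodejs source: normalizeRules and
// scanForSecrets are hypothetical names for the behaviour described above.

// Accept a string, a RegExp, a { name, pattern } object, or an array of
// those, and return the standard shape [{ name, pattern: RegExp }].
function normalizeRules(rules) {
  const list = Array.isArray(rules) ? rules : [rules];
  return list.map((rule, i) => {
    const obj = (typeof rule === 'string' || rule instanceof RegExp)
      ? { pattern: rule } : rule;
    if (!obj || obj.pattern === undefined) {
      throw new TypeError(`rule ${i} has no pattern`);
    }
    const isRe = obj.pattern instanceof RegExp;
    const src = isRe ? obj.pattern.source : String(obj.pattern);
    // Drop g/y: they make test() stateful through lastIndex, so a reused
    // rule could skip a secret in the next field it is applied to.
    const flags = isRe ? obj.pattern.flags.replace(/[gy]/g, '') : '';
    return { name: obj.name || src, pattern: new RegExp(src, flags) };
  });
}

// Walk every string in the message, nested objects and arrays included,
// and throw on the first rule that matches. Returns true when clean.
function scanForSecrets(msg, rules, path = 'msg') {
  if (typeof msg === 'string') {
    for (const rule of rules) {
      if (rule.pattern.test(msg)) {
        // Name the rule and the field only; never echo the matched value.
        throw new Error(`Rule '${rule.name}' matched in ${path}`);
      }
    }
  } else if (msg && typeof msg === 'object') {
    for (const [key, value] of Object.entries(msg)) {
      scanForSecrets(value, rules, `${path}.${key}`);
    }
  }
  return true;
}

// Constructed sample data; the key-shaped string is a placeholder.
const rules = normalizeRules([
  { name: 'apikey_regex', pattern: /SG\.[a-zA-Z0-9_]+\.[a-zA-Z0-9-]+/g },
  'BEGIN [A-Z ]*PRIVATE KEY',
]);
const clean = { to: 'name@example.com', subject: 'hi', text: 'no secrets' };
const leaky = { ...clean, content: [{ type: 'text/plain', value: 'key SG.Xx1XX.Xx1XX-Xx1X' }] };
```

Calling `scanForSecrets(leaky, rules)` throws before any request would be built, and the error names the rule and the field path without repeating the secret in logs.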