Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(core): censor novel secrets in querystring #526

Merged
merged 1 commit into from
Apr 8, 2022
Merged

fix(core): censor novel secrets in querystring #526

merged 1 commit into from
Apr 8, 2022

Conversation

xavdid
Copy link
Contributor

@xavdid xavdid commented Apr 6, 2022

Follow up to #525 that covers similar behavior in the querystring.

Didn't catch it before because I passed the url example.com?api_key=secret, but prep request separates them, so we have to search request_params explicitly too.

Underscores the importance of our unit tests matching what actually gets called at runtime

@xavdid xavdid requested a review from eliangcs as a code owner April 6, 2022 19:30
xavdid
xavdid commented Apr 6, 2022
View reviewed changes
packages/core/test/logger.js
@@ -14,22 +14,29 @@ const {
} = require('../src/http-middlewares/after/log-response');

// little helper to prepare a req/res pair like the http logger does
const prepareTestRequest = (reqBody = {}, resBody = {}) =>
const prepareTestRequest = ({
reqBody = {},
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Declaring params like this make them mostly function like python kwargs

packages/core/src/tools/create-logger.js
@@ -124,7 +128,13 @@ const buildSensitiveValues = (event, data) => {
const authData = bundle.authData || {};
// for the most part, we should censor all the values from authData
// the exception is safe urls, which should be filtered out - we want those to be logged
// but, we _should_ censor-no-matter-what sensitive keys, even if their value is a safe url
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

weirdly, the logger.safe urls test was failing for me locally, but not in CI in the last PR. Bumping secret-scrubber locally didn't seem to change that. Not sure why CI didn't flag anything ¯\_(ツ)_/¯

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's odd. It passes for me locally. Just curious, what's your failing message?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right? Weirdest thing.

Running yarn main-tests -g "safe urls" in core directory gives:

      -      "password": "https://a-url-like.password.com"
      +      "password": ":censored:31:0dbc81268a:"

Same thing happens when running the full suite.

It sort of makes sense- the value is a url and doesn't have basic auth or a querystring. So I'm not sure why the test passed before. But, I think the current behavior is what we want. If something is explicitly a sensitive key, we should censor it. If it's not (but is in auth data), it's probably safe.

eliangcs
eliangcs approved these changes Apr 7, 2022
View reviewed changes
Copy link
Member

@eliangcs eliangcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@xavdid xavdid merged commit 5e1b05c into master Apr 8, 2022
@xavdid xavdid deleted the PDE-3051-req-query-params branch April 8, 2022 17:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eliangcs eliangcs eliangcs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@xavdid @eliangcs