Desktop,Mobile,Cli: Resolves #9706: Don't log OneDrive `Authorization` tokens (#9707)

pull/9572/head^2
Henry Heino 2024-01-18 03:20:33 -08:00 committed by GitHub
parent f5e1e45f6f
commit bc1165be46
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 56 additions and 1 deletions


@ -740,6 +740,7 @@ packages/lib/models/utils/userData.test.js
packages/lib/models/utils/userData.js
packages/lib/net-utils.js
packages/lib/ntp.js
packages/lib/onedrive-api.test.js
packages/lib/onedrive-api.js
packages/lib/path-utils.js
packages/lib/reducer.js

1
.gitignore vendored

@ -720,6 +720,7 @@ packages/lib/models/utils/userData.test.js
packages/lib/models/utils/userData.js
packages/lib/net-utils.js
packages/lib/ntp.js
packages/lib/onedrive-api.test.js
packages/lib/onedrive-api.js
packages/lib/path-utils.js
packages/lib/reducer.js


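--- /dev/null
+++ b/packages/lib/onedrive-api.test.ts
+import OneDriveApi from './onedrive-api';
+describe('onedrive-api', () => {
+test.each([
+[{ Authorization: 'testing' }, { Authorization: '[[DELETED]]' }],
+[{ headers: { Authorization: 'testing' } }, { headers: { Authorization: '[[DELETED]]' } }],
+[
+{ foo: { Authorization: 'testing', bar: 'test' }, baz: 'test2', Authorization: 'testing' },
+{ foo: { Authorization: '[[DELETED]]', bar: 'test' }, baz: 'test2', Authorization: '[[DELETED]]' },
+],
+[
+{ a: { b: { c: { d: { e: { f: { g: 'Test' } } } }, Authorization: 'bearer someidhere' } } },
+{ a: { b: { c: { d: { e: { f: '[[depth-exceeded]]' } } }, Authorization: '[[DELETED]]' } } },
+],
+])('authorizationTokenRemoved should remove Authorization field', (object, expected) => {
+const api = new OneDriveApi('testID', 'secret', true);
+expect(api.authorizationTokenRemoved(object)).toMatchObject(expected);
+});
+});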
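Review bot: The assertion uses `toMatchObject`, which only checks that the keys in `expected` are present with those values, so it would not detect the filter adding or renaming keys in the copy it returns; `expect(api.authorizationTokenRemoved(object)).toEqual(expected);` pins the exact shape. The table also has no row with an array value (e.g. `{ headers: [{ Authorization: 'testing' }] }`), so the shape the filter produces for arrays is currently unspecified by the tests and could silently change. Since the helper reads no instance state in the visible code, the constructor arguments here look incidental, which is worth a one-line comment so nobody later assumes the secret matters to the test.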


@ -228,6 +228,34 @@ export default class OneDriveApi {
}
}
// Takes an object in the form
// { headers: { Authorization: "token here" } }
// or
// { Authorization: "token here" }
// Intended to be used for before logging objects that could potentially have an
// Authorization token.
public authorizationTokenRemoved(data: any, depth = 0) {
const newData: any = {};
if (!data || typeof data !== 'object') {
return data;
}
if (depth > 5) {
return '[[depth-exceeded]]';
}
for (const key in data) {
if (key === 'Authorization') {
newData[key] = '[[DELETED]]';
} else {
newData[key] = this.authorizationTokenRemoved(data[key], depth + 1);
}
}
return newData;
}
public async exec(method: string, path: string, query: any = null, data: any = null, options: any = null) {
if (!path) throw new Error('Path is required');
@ -363,7 +391,13 @@ export default class OneDriveApi {
// Deleting a non-existing item is ok - noop
return;
} else {
error.request = `${method} ${url} ${JSON.stringify(query)} ${JSON.stringify(data)} ${JSON.stringify(options)}`;
error.request = [
method,
url,
JSON.stringify(query),
JSON.stringify(this.authorizationTokenRemoved(data)),
JSON.stringify(this.authorizationTokenRemoved(options)),
].join(' ');
error.headers = await response.headers;
throw error;
}
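Review bot: The redaction in `authorizationTokenRemoved` matches the key case-sensitively (`if (key === 'Authorization')`), but HTTP header names are case-insensitive, so a caller that builds `{ authorization: ... }` or `{ headers: { AUTHORIZATION: ... } }` would still have the token reach `error.request`; `if (key.toLowerCase() === 'authorization') {` closes that gap without affecting the existing tests. The same filter is not applied to `query` on the `JSON.stringify(query)` line, so any credential a caller ever passes as a query parameter would still be logged — either run it through the same helper or add a comment stating why query strings are known to be token-free. Because the copy is built with `for...in` into a fresh `{}`, an array value is rebuilt as a plain object keyed by index, which changes the logged shape; `Array.isArray(data) ? data.map(item => this.authorizationTokenRemoved(item, depth + 1)) : ...` before the loop would preserve it. The enclosing `exec` method starts and ends outside the visible hunks.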