paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

backend-app-api: fix log redaction escaping

Browse Source 
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
This commit is contained in:
Patrik Oldsberg
2023-01-17 16:56:15 +01:00
committed by blam
parent cbab8ac107
commit a18da2f8b5
3 changed files with 48 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.changeset/eight-falcons-explode.md
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/backend-app-api': patch
---
Fixed an issue were the log redaction didn't properly escape RegExp characters.
packages/backend-app-api/src/logging/WinstonLogger.test.ts
+38
View File
@@ -0,0 +1,38 @@
/*
* Copyright 2023 The Backstage Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { WinstonLogger } from './WinstonLogger';
function msg(message: string) {
return { message, level: 'info' };
}
describe('WinstonLogger', () => {
it('redacter should redact and escape regex', () => {
const redacter = WinstonLogger.redacter();
expect(redacter.format.transform(msg('hello (world)'))).toEqual(
msg('hello (world)'),
);
redacter.add(['hello']);
expect(redacter.format.transform(msg('hello (world)'))).toEqual(
msg('[REDACTED] (world)'),
);
redacter.add(['(world)']);
expect(redacter.format.transform(msg('hello (world)'))).toEqual(
msg('[REDACTED] [REDACTED]'),
);
});
});
packages/backend-app-api/src/logging/WinstonLogger.ts
+5 -4
View File
@@ -27,6 +27,7 @@ import {
transports,
transport as Transport,
} from 'winston';
import { escapeRegExp } from '../lib/escapeRegExp';
/**
* @public
@@ -98,10 +99,10 @@ export class WinstonLogger implements RootLoggerService {
}
}
if (added > 0) {
redactionPattern = new RegExp(
`(${Array.from(redactionSet).join('|')})`,
'g',
);
const redactions = Array.from(redactionSet)
.map(r => escapeRegExp(r))
.join('|');
redactionPattern = new RegExp(`(${redactions})`, 'g');
}
},
};