From 0d33955fcdaa518ebcc7541947da35489661da19 Mon Sep 17 00:00:00 2001
From: Laurent Cozic
Date: Thu, 17 Jun 2021 18:17:23 +0100
Subject: [PATCH] All: Mask auth token and password in log
---
 .eslintignore | 3 ---
 .gitignore | 3 ---
 packages/lib/JoplinServerApi.ts | 22 ++++++++++++++++++++--
 3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/.eslintignore b/.eslintignore
index bc59af4ce..717e86272 100644
--- a/.eslintignore
+++ b/.eslintignore
@@ -1439,9 +1439,6 @@ packages/lib/services/synchronizer/synchronizer_MigrationHandler.test.js.map
 packages/lib/services/synchronizer/tools.d.ts
 packages/lib/services/synchronizer/tools.js
 packages/lib/services/synchronizer/tools.js.map
-packages/lib/services/synchronizer/uploadUtils.d.ts
-packages/lib/services/synchronizer/uploadUtils.js
-packages/lib/services/synchronizer/uploadUtils.js.map
 packages/lib/services/synchronizer/utils/handleSyncStartupOperation.d.ts
 packages/lib/services/synchronizer/utils/handleSyncStartupOperation.js
 packages/lib/services/synchronizer/utils/handleSyncStartupOperation.js.map
diff --git a/.gitignore b/.gitignore
index ca459c68e..fb887551d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1425,9 +1425,6 @@ packages/lib/services/synchronizer/synchronizer_MigrationHandler.test.js.map
 packages/lib/services/synchronizer/tools.d.ts
 packages/lib/services/synchronizer/tools.js
 packages/lib/services/synchronizer/tools.js.map
-packages/lib/services/synchronizer/uploadUtils.d.ts
-packages/lib/services/synchronizer/uploadUtils.js
-packages/lib/services/synchronizer/uploadUtils.js.map
 packages/lib/services/synchronizer/utils/handleSyncStartupOperation.d.ts
 packages/lib/services/synchronizer/utils/handleSyncStartupOperation.js
 packages/lib/services/synchronizer/utils/handleSyncStartupOperation.js.map
diff --git a/packages/lib/JoplinServerApi.ts b/packages/lib/JoplinServerApi.ts
index e244b0171..3d560c791 100644
--- a/packages/lib/JoplinServerApi.ts
+++ b/packages/lib/JoplinServerApi.ts
@@ -91,6 +91,23 @@ export default class JoplinServerApi {
 return _('Could not connect to Joplin Server. Please check the Synchronisation options in the config screen. Full error was:\n\n%s', msg);
 }

+ private hidePassword(o: any): any {
+ if (typeof o === 'string') {
+ try {
+ const output = JSON.parse(o);
+ if (!output) return o;
+ if (output.password) output.password = '******';
+ return JSON.stringify(output);
+ } catch (error) {
+ return o;
+ }
+ } else {
+ const output = { ...o };
+ if (output.password) output.password = '******';
+ return output;
+ }
+ }
+
 private requestToCurl_(url: string, options: any) {
 const output = [];
 output.push('curl');
@@ -99,11 +116,12 @@ export default class JoplinServerApi {
 if (options.headers) {
 for (const n in options.headers) {
 if (!options.headers.hasOwnProperty(n)) continue;
- output.push(`${'-H ' + '"'}${n}: ${options.headers[n]}"`);
+ const headerValue = n === 'X-API-AUTH' ? '******' : options.headers[n];
+ output.push(`${'-H ' + '"'}${n}: ${headerValue}"`);
 }
 }
 if (options.body) {
- const serialized = typeof options.body !== 'string' ? JSON.stringify(options.body) : options.body;
+ const serialized = typeof options.body !== 'string' ? JSON.stringify(this.hidePassword(options.body)) : this.hidePassword(options.body);
 output.push(`${'--data ' + '\''}${serialized}'`);
 }
 output.push(`'${url}'`);
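Review bot: `hidePassword` fails open. When the body is a string that does not parse as JSON, the `catch` branch returns it unchanged, and in both branches only a top-level `password` property is replaced. A nested password, or a secret under another key, would therefore still reach the curl log line. A comment above the method would make that limit explicit, for example `// Masks only a top-level "password" property, for logging. Non-JSON strings are returned unchanged.` If other secret-bearing fields ever pass through this path, checking a short list of key names here would be safer than the single property test.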
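Review bot: The header check `n === 'X-API-AUTH'` in the second hunk is an exact, case-sensitive match, but HTTP header names are case-insensitive. A caller that passes `x-api-auth` or any other casing would still have the token written to the log. Comparing on a normalised name closes that gap: `const headerValue = n.toLowerCase() === 'x-api-auth' ? '******' : options.headers[n];`. Other credential-bearing headers such as `Authorization` are not covered either, should this client ever send them. `requestToCurl_` starts and ends outside the hunk, so it cannot be confirmed from here that its output is the only place the request is logged.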