Desktop,Mobile,Cli: Resolves #9706: Don't log OneDrive Authorization tokens (#9707)

2025-11-23 22:36:32 +02:00 · 2024-01-18 03:20:33 -08:00
parent f5e1e45f6f
commit bc1165be46
4 changed files with 56 additions and 1 deletions
--- a/packages/lib/onedrive-api.ts
+++ b/packages/lib/onedrive-api.ts
@@ -228,6 +228,34 @@ export default class OneDriveApi {
 		}
 	}

+	// Takes an object in the form
+	//   { headers: { Authorization: "token here" } }
+	// or
+	//   { Authorization: "token here" }
+	// Intended to be used for before logging objects that could potentially have an
+	// Authorization token.
+	public authorizationTokenRemoved(data: any, depth = 0) {
+		const newData: any = {};
+
+		if (!data || typeof data !== 'object') {
+			return data;
+		}
+
+		if (depth > 5) {
+			return '[[depth-exceeded]]';
+		}
+
+		for (const key in data) {
+			if (key === 'Authorization') {
+				newData[key] = '[[DELETED]]';
+			} else {
+				newData[key] = this.authorizationTokenRemoved(data[key], depth + 1);
+			}
+		}
+
+		return newData;
+	}
+
 	public async exec(method: string, path: string, query: any = null, data: any = null, options: any = null) {
 		if (!path) throw new Error('Path is required');

@@ -363,7 +391,13 @@ export default class OneDriveApi {
 					// Deleting a non-existing item is ok - noop
 					return;
 				} else {
-					error.request = `${method} ${url} ${JSON.stringify(query)} ${JSON.stringify(data)} ${JSON.stringify(options)}`;
+					error.request = [
+						method,
+						url,
+						JSON.stringify(query),
+						JSON.stringify(this.authorizationTokenRemoved(data)),
+						JSON.stringify(this.authorizationTokenRemoved(options)),
+					].join(' ');
 					error.headers = await response.headers;
 					throw error;
 				}