Properly obfuscate query parameters in logs (#3793)

youngerong · flovilmart · commit e0be653f4ce9 · 2017-05-11T07:17:20.000-04:00
* fix-3789

* fix3789 add unit test
diff --git a/spec/CloudCodeLogger.spec.js b/spec/CloudCodeLogger.spec.js
@@ -228,3 +228,20 @@ describe("Cloud Code Logger", () => {
             .then(null, e => done.fail(JSON.stringify(e)));
   }).pend('needs more work.....');
 });
+
+it('cloud function should obfuscate password', done => {
+  const logController = new LoggerController(new WinstonLoggerAdapter());
+
+  Parse.Cloud.define('testFunction', (req, res) => {
+    res.success(1002,'verify code success');
+  });
+
+  Parse.Cloud.run('testFunction', {username:'hawk',password:'123456'})
+          .then(() => logController.getLogs({ from: Date.now() - 500, size: 1000 }))
+          .then((res) => {
+            const entry = res[0];
+            expect(entry.params.password).toMatch(/\*\*\*\*\*\*\*\*/);
+            done();
+          })
+          .then(null, e => done.fail(e));
+});
diff --git a/src/Controllers/LoggerController.js b/src/Controllers/LoggerController.js
@@ -64,6 +64,15 @@ export class LoggerController extends AdaptableController {
         }
       }
 
+      if (e.params) {
+        for (const key of Object.keys(e.params)) {
+          if (key === 'password') {
+            e.params[key] = '********';
+            break;
+          }
+        }
+      }
+
       return e;
     });
   }

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,15 @@ export class LoggerController extends AdaptableController {`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ if (e.params) {`
	`68`	`+ for (const key of Object.keys(e.params)) {`
	`69`	`+ if (key === 'password') {`
	`70`	`+ e.params[key] = '********';`
	`71`	`+ break;`
	`72`	`+ }`
	`73`	`+ }`
	`74`	`+ }`
	`75`	`+`
`67`	`76`	`return e;`
`68`	`77`	`});`
`69`	`78`	`}`