hide secrets from log output #35
Conversation
add log and sanitze function and used that over console.log closes prose#34
|
@kriswep: I have a few suggestions to improve your implementation. I can’t go into details right now, but I’ll try to post a more detailed comment later tonight before this gets merged. |
There was a problem hiding this comment.
Thank you @kriswep for taking the time to address this security issue. I’m sure the entire community which uses gatekeeper is very greatful for your time and effort (I know I am). I did have a few minor suggestions to improve code quality and future maintainablity. Feel free to look at my line comments in this review to see my suggestions, and implement any which you agree with. Thanks again.
server.js
Outdated
| function log(label, value, sanitized) { | ||
| value = value || ''; | ||
| if (sanitized){ | ||
| if (typeof(value) === 'string' && value.length > 10){ |
There was a problem hiding this comment.
Replace the hard-coded 10 with a named constant to avoid introducing “magic numbers”.
server.js
Outdated
| value = value || ''; | ||
| if (sanitized){ | ||
| if (typeof(value) === 'string' && value.length > 10){ | ||
| console.log(label, value.substring(3,0) + '...'); |
There was a problem hiding this comment.
Replace hard-coded ’...’ string with a named constant. This will make it easy to change the displayed string everywhere in the future without having to hunt through the code for each hard-coded instance.
server.js
Outdated
| if (typeof(value) === 'string' && value.length > 10){ | ||
| console.log(label, value.substring(3,0) + '...'); | ||
| } else { | ||
| console.log(label, '...'); |
There was a problem hiding this comment.
Replace hard-coded ’...’ string with a named constant. This will make it easy to change the displayed string everywhere in the future without having to hunt through the code for each hard-coded instance.
server.js
Outdated
| @@ -49,6 +53,19 @@ function authenticate(code, cb) { | |||
| req.on('error', function(e) { cb(e.message); }); | |||
| } | |||
|
|
|||
| function log(label, value, sanitized) { | |||
There was a problem hiding this comment.
Add a JSDoc comment block to this function to document the function, the parameters, what each parameter is for, and what types of data are expected for each parameter.
server.js
Outdated
| var result = err || !token ? {"error": "bad_code"} : { "token": token }; | ||
| console.log(result); | ||
| if ( err || !token ) { | ||
| result = {"error": "bad_code"}; |
There was a problem hiding this comment.
Replace hard-coded ”error” and ”bad_code” strings with named constants to make it easier to change the values in the future, in case it is ever necessary to do so.
server.js
Outdated
| result = {"error": "bad_code"}; | ||
| log(result.error); | ||
| } else { | ||
| result = {"token": token}; |
There was a problem hiding this comment.
Replace hard-coded ”token” string with a named constant to make it easier to change the value in the future, in case it is ever necessary to do so.
server.js
Outdated
| log(result.error); | ||
| } else { | ||
| result = {"token": token}; | ||
| log("token", result.token, true); |
There was a problem hiding this comment.
Replace hard-coded ”token” string with a named constant to make it easier to change the value in the future, in case it is ever necessary to do so.
and document log fn
|
Alright, I documented the new log function and replaced the hardcoded strings in there. I did not change the strings in the authenticate route function. I felt doing so would actually reduce readability by providing very minor benefits. BTW: I was very tempted to use |
|
Regarding |
|
Sounds reasonable. Would be happy to help moving this project forward in that regard. |
server.js
Outdated
| console.log(result); | ||
| if ( err || !token ) { | ||
| result = {"error": "bad_code"}; | ||
| log(result.error); |
There was a problem hiding this comment.
This is only indirectly related to what your PR fixes, but since we're touching this code, one thing I'd find useful is, in the case where we are returning err, logging that instead of just logging bad_code. This would make it easier to debug, since it would likely return error messages from whatever Oauth provider this is attached to.
There was a problem hiding this comment.
I added a change for this.
However, while testing, I noticed your implementation in the authenticate function swallows quite a lot of errors. I opened issue #36 for that. I would prefer that to be fixed in another pr.
|
@kriswep thanks for the pr. As far as the logic goes, it looks good. I agree we shouldn't change the format of the returned object. I'll do some testing of the code tomorrow, but in the meantime I left a comment about logging errors. Thanks again for your work on this. |
I added a log and sanitize function and used that over console.log.
Secret stuff (gh client id, gh client secret, codes and tokens) will be truncated to 3 characters. If the secret is less equal 10 characters or not a string it will be replaced by three dots.
So it logs sthg like this
closes #34