Merge pull request #283 from alxndrsn/redact-passwords-in-error-meta

johnabrams7 · web-flow · commit 0e2e45ad014c · 2019-11-18T15:39:09.000-06:00
Redact passwords provided in URL when passing errors to callbacks
diff --git a/lib/adapter.js b/lib/adapter.js
@@ -16,6 +16,7 @@
 
 var _ = require('@sailshq/lodash');
 var async = require('async');
+var redactPasswords = require('./private/redact-passwords');
 var Helpers = require('../helpers');
 
 module.exports = (function sailsPostgresql() {
@@ -62,7 +63,7 @@ module.exports = (function sailsPostgresql() {
         }).execSync();
       } catch (e) {
         setImmediate(function done() {
-          return cb(e);
+          return cb(redactPasswords(e));
         });
         return;
       }
@@ -95,14 +96,14 @@ module.exports = (function sailsPostgresql() {
           modelDefinitions: modelDefinitions
         }).switch({
           error: function error(err) {
-            return next(err);
+            return next(redactPasswords(err));
           },
           success: function success() {
             return next();
           }
         });
       }, function asyncCb(err) {
-        cb(err);
+        cb(redactPasswords(err));
       });
     },
 
@@ -130,12 +131,12 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         notUnique: function error(errInfo) {
           var e = new Error(errInfo.message);
           e.footprint = errInfo.footprint;
-          return cb(e);
+          return cb(redactPasswords(e));
         },
         success: function success(report) {
           var record = report && report.record || undefined;
@@ -158,12 +159,12 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         notUnique: function error(errInfo) {
           var e = new Error(errInfo.message);
           e.footprint = errInfo.footprint;
-          return cb(e);
+          return cb(redactPasswords(e));
         },
         success: function success(report) {
           var records = report && report.records || undefined;
@@ -186,7 +187,7 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success(report) {
           return cb(undefined, report.records);
@@ -208,12 +209,12 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         notUnique: function error(errInfo) {
           var e = new Error(errInfo.message);
           e.footprint = errInfo.footprint;
-          return cb(e);
+          return cb(redactPasswords(e));
         },
         success: function success(report) {
           if (report) {
@@ -239,7 +240,7 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success(report) {
           if (report) {
@@ -265,7 +266,7 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success(report) {
           return cb(undefined, report);
@@ -287,7 +288,7 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success(report) {
           return cb(undefined, report);
@@ -309,7 +310,7 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success(report) {
           return cb(undefined, report);
@@ -331,7 +332,7 @@ module.exports = (function sailsPostgresql() {
         query: query
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success(report) {
           return cb(undefined, report);
@@ -364,7 +365,7 @@ module.exports = (function sailsPostgresql() {
         meta: meta
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success(report) {
           // Waterline expects the result to be undefined if the table doesn't
@@ -393,7 +394,7 @@ module.exports = (function sailsPostgresql() {
         meta: meta
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success() {
           return cb();
@@ -414,7 +415,7 @@ module.exports = (function sailsPostgresql() {
         meta: meta
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success() {
           return cb();
@@ -435,10 +436,10 @@ module.exports = (function sailsPostgresql() {
         meta: meta
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         badConnection: function badConnection(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success() {
           return cb();
@@ -460,7 +461,7 @@ module.exports = (function sailsPostgresql() {
         meta: meta
       }).switch({
         error: function error(err) {
-          return cb(err);
+          return cb(redactPasswords(err));
         },
         success: function success() {
           return cb();
@@ -472,3 +473,5 @@ module.exports = (function sailsPostgresql() {
 
   return adapter;
 })();
+
+
diff --git a/lib/private/redact-passwords.js b/lib/private/redact-passwords.js
@@ -0,0 +1,31 @@
+//  ██████╗ ███████╗██████╗  █████╗  ██████╗████████╗
+//  ██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
+//  ██████╔╝█████╗  ██║  ██║███████║██║        ██║
+//  ██╔══██╗██╔══╝  ██║  ██║██╔══██║██║        ██║
+//  ██║  ██║███████╗██████╔╝██║  ██║╚██████╗   ██║
+//  ╚═╝  ╚═╝╚══════╝╚═════╝ ╚═╝  ╚═╝ ╚═════╝   ╚═╝
+//
+//  ██████╗  █████╗ ███████╗███████╗██╗    ██╗ ██████╗ ██████╗ ██████╗ ███████╗
+//  ██╔══██╗██╔══██╗██╔════╝██╔════╝██║    ██║██╔═══██╗██╔══██╗██╔══██╗██╔════╝
+//  ██████╔╝███████║███████╗███████╗██║ █╗ ██║██║   ██║██████╔╝██║  ██║███████╗
+//  ██╔═══╝ ██╔══██║╚════██║╚════██║██║███╗██║██║   ██║██╔══██╗██║  ██║╚════██║
+//  ██║     ██║  ██║███████║███████║╚███╔███╔╝╚██████╔╝██║  ██║██████╔╝███████║
+//  ╚═╝     ╚═╝  ╚═╝╚══════╝╚══════╝ ╚══╝╚══╝  ╚═════╝ ╚═╝  ╚═╝╚═════╝ ╚══════╝
+//
+//  Remove database passwords from the error instance.
+
+module.exports = function redactPasswords(err) {
+  var REDACT_REPLACEMENT = '$1:****@';
+  var REDACT_REGEX_SINGLE = /^(postgres:\/\/[^:\s]*):[^@\s]*@/;
+  var REDACT_REGEX_MULTI =   /(postgres:\/\/[^:\s]*):[^@\s]*@/g;
+
+  if(err) {
+    if(err.meta && typeof err.meta === 'object' && err.meta.url && typeof err.meta.url === 'string') {
+      err.meta.url = err.meta.url.replace(REDACT_REGEX_SINGLE, REDACT_REPLACEMENT);
+    }
+    if(err.message && typeof err.message === 'string') {
+      err.message = err.message.replace(REDACT_REGEX_MULTI, REDACT_REPLACEMENT);
+    }
+  }
+  return err;
+}
