Upgrade to sailor 2.6.18 (#51)

denyshld · denis.gladikov · web-flow · commit bc48d2077fcb · 2020-11-13T17:27:15.000+02:00
* Upgrade to sailor 2.6.18
* Annual audit of the component code to check if it exposes a sensitive data in the logs
* Annual npm vulnerabilities audit

Co-authored-by: denis.gladikov &lt;denis.gladikov@elastic.io&gt;
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -7,6 +7,9 @@ jobs:
       - checkout
       - restore_cache:
           key: dependency-cache-{{ checksum "package.json" }}
+      - run:
+          name: Audit Dependencies
+          command: npm audit --audit-level=high
       - run:
           name: Installing Dependencies
           command: npm install
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# 1.4.1 (November 12, 2020)
+
+## General Changes
+    * Upgrade to sailor 2.6.18
+    * Annual audit of the component code to check if it exposes a sensitive data in the logs
+    * Annual npm vulnerabilities audit
+
 # 1.4.0 (June 5, 2020)
 
 ## General Changes
diff --git a/lib/StatelessBasicAuthRestClient.js b/lib/StatelessBasicAuthRestClient.js
@@ -5,10 +5,12 @@ const request = promisify(require('requestretry'));
 const rawRequest = require('request');
 const removeTrailingSlash = require('remove-trailing-slash');
 const removeLeadingSlash = require('remove-leading-slash');
-const debug = require('debug')('Rest-Client');
+
+let staticLogger;
 
 const NoAuthRestClient = class NoAuthRestClient {
   constructor(emitter, cfg) {
+    staticLogger = emitter.logger;
     this.emitter = emitter;
     this.cfg = cfg;
   }
@@ -23,7 +25,7 @@ const NoAuthRestClient = class NoAuthRestClient {
     const urlToCall = urlIsSegment
       ? `${removeTrailingSlash(this.cfg.resourceServerUrl.trim())}/${removeLeadingSlash(url.trim())}`
       : url.trim();
-    this.emitter.logger.info(`Making ${method} request to ${urlToCall} ...`);
+    this.emitter.logger.info(`Making ${method} request...`);
 
     const requestOptions = {
       url: urlToCall,
@@ -68,8 +70,9 @@ const NoAuthRestClient = class NoAuthRestClient {
             stream.pipe(inputStream);
           }
         })
+        // eslint-disable-next-line no-unused-vars
         .on('error', (err) => {
-          self.emitter.logger.error(err);
+          self.emitter.logger.error('Error on making request');
           counter += 1;
           setTimeout(retryRequest.bind(this), 3000, options, retryCnt, inputStream);
         });
@@ -80,7 +83,7 @@ module.exports.NoAuthRestClient = NoAuthRestClient;
 
 function onAnyErrorRetryStrategy(err, response) {
   const checkResult = err || response.statusCode >= 404;
-  debug('Client failed making request: %s, Retrying: %s', err, checkResult);
+  staticLogger.error('Client failed making request: %s, Retrying: %s', err, checkResult);
   return checkResult;
 }
 
diff --git a/lib/actions/deleteObject.js b/lib/actions/deleteObject.js
@@ -13,7 +13,7 @@ exports.process = async function (msg, cfg) {
       this.logger.warn('Provided filename is not found: nothing to delete');
       return messages.newEmptyMessage();
     }
-    this.logger.error('Error occurred while getting file metadata: %j', err);
+    this.logger.error('Error occurred while getting file metadata!');
     throw err;
   }
 
diff --git a/lib/actions/renameObject.js b/lib/actions/renameObject.js
@@ -21,38 +21,34 @@ function checkFieldNotFolder(fieldName, fieldValue) {
 }
 // eslint-disable-next-line func-names
 exports.process = async function (msg, cfg) {
+  this.logger.info('Starting rename object action...');
   const client = new Client(this.logger, cfg);
   const { bucketName, oldFileName, newFileName } = msg.body;
   checkFieldNotFolder('bucketName', bucketName);
   checkFieldNotFolder('oldFileName', oldFileName);
   checkFieldNotFolder('newFileName', newFileName);
   const folder = formatFolder(msg.body.folder);
-  this.logger.info(`Found params oldFileName: ${oldFileName}, newFileName: ${newFileName}, bucketName: ${bucketName}, folder: ${folder}`);
   const fullOldFileName = `${folder || ''}${oldFileName}`;
   const fullNewFileName = `${folder || ''}${newFileName}`;
-  this.logger.info(`Starting rename file ${fullOldFileName} to ${fullNewFileName} in bucket: ${bucketName}`);
   const oldFile = await client.getFileFromBucket(bucketName, fullOldFileName);
-  this.logger.trace(`Old file: ${JSON.stringify(oldFile)}`);
   if (oldFile) {
     let newFile = await client.getFileFromBucket(bucketName, fullNewFileName);
     if (!newFile) {
       const copySource = `${bucketName}/${fullOldFileName}`;
-      this.logger.trace(`Starting copyObject: ${copySource}`);
+      this.logger.trace('Starting copyObject...');
       const copyResult = await client.copyObject(copySource, bucketName, fullNewFileName);
-      this.logger.trace(`copyResult ${JSON.stringify(copyResult)}`);
+      this.logger.trace('CopyResult received');
       newFile = await client.getFileFromBucket(bucketName, fullNewFileName);
-      this.logger.trace(`New file: ${JSON.stringify(newFile)}`);
       if (newFile) {
-        this.logger.trace(`Starting delete old file: ${fullOldFileName}`);
+        this.logger.trace('Starting delete old file...');
         await client.deleteObject(bucketName, fullOldFileName);
         this.logger.info('File successfully renamed');
         await this.emit('data', messages.newMessageWithBody(newFile));
       } else {
         throw new Error(`Error occurred while copying a file: ${copyResult}`);
       }
     } else {
-      this.logger.trace(`Exists file: ${JSON.stringify(newFile)}`);
-      throw new Error(`File with name ${fullNewFileName} is already exists in bucket ${bucketName}`);
+      throw new Error('File is already exists in provided bucket!');
     }
   } else {
     throw new Error(`File with name ${fullOldFileName} doesn't exists in bucket ${bucketName}`);
diff --git a/lib/actions/streamToCsv.js b/lib/actions/streamToCsv.js
@@ -44,7 +44,6 @@ function processAction(msg, cfg) {
       _.map(columnConfig, (column) => {
         columns[column.property] = column.title;
       });
-      self.logger.info('Processing following column configuration columns=%j', columns);
       const stringifier = csvParser.stringify({ header: true, columns });
       const upload = streamClient.upload({
         Bucket: cfg.bucketName,
@@ -81,7 +80,7 @@ function processAction(msg, cfg) {
   }
 
   function emitError(e) {
-    self.logger.info('Oops! Error occurred', e.stack || e);
+    self.logger.error('Oops! Error occurred!');
     self.emit('error', e);
   }
 
diff --git a/lib/actions/streamToFile.js b/lib/actions/streamToFile.js
@@ -6,7 +6,7 @@ const { Client } = require('../client');
 const { NoAuthRestClient } = require('../StatelessBasicAuthRestClient');
 
 exports.process = async function (msg, cfg) {
-  this.logger.trace('Input: %j', JSON.stringify(msg));
+  this.logger.trace('Starting stream to file action..');
   const client = new Client(this.logger, cfg);
   const bucketName = msg.body.bucketName ? msg.body.bucketName : cfg.bucketName;
 
@@ -25,7 +25,7 @@ exports.process = async function (msg, cfg) {
     };
   });
 
-  this.logger.trace('trying to get attachment from %j', attachments[0].url.url);
+  this.logger.trace('Trying to get attachment...');
 
   const passthrough = new PassThrough();
 
diff --git a/lib/client.js b/lib/client.js
@@ -28,19 +28,20 @@ class Client {
   }
 
   async getFileFromBucket(bucketName, fileName) {
-    this.logger.info(`Finding file ${fileName} in bucket: ${bucketName}`);
+    this.logger.info('Searching for file in bucket');
     const params = {
       Bucket: bucketName,
       Delimiter: '/',
       Prefix: fileName,
     };
     const data = await this.s3.listObjects(params).promise();
-    this.logger.trace(`Found data: ${JSON.stringify(data)}`);
     const foundFiles = data.Contents.filter((item) => item.Key === fileName);
-    this.logger.trace(`Found file: ${JSON.stringify(foundFiles)}`);
+    this.logger.trace('Filtering complete');
     if (foundFiles.length !== 1) {
+      this.logger.trace('No files with provided name');
       return null;
     }
+    this.logger.trace('File was found');
     return foundFiles[0];
   }
 
diff --git a/lib/utils/attachmentProcessor.js b/lib/utils/attachmentProcessor.js
@@ -17,7 +17,7 @@ function addAttachment(msg, name, body, contentType) {
   }
 
   async function uploadFile(urls) {
-    self.logger.debug('Trying to upload file: %j', body);
+    self.logger.debug('Trying to upload file...');
 
     const stream = new Readable();
     stream.push(body.toString());
@@ -36,10 +36,7 @@ function addAttachment(msg, name, body, contentType) {
   }
 
   return getUrlsManualy().then((result) => {
-    self.logger.debug('createSignedUrl result: %j', result);
-    self.logger.debug('Uploading to url: %s', result.put_url);
-    self.logger.debug('Content-Type: %s', contentType);
-    self.logger.info('uploadFile is about to execute');
+    self.logger.debug('Uploading file with content type %s ...', contentType);
     return uploadFile(result, contentType);
   });
 }
diff --git a/lib/utils/pollingUtil.js b/lib/utils/pollingUtil.js
@@ -31,14 +31,14 @@ class AwsS3Polling extends PollingTrigger {
     for (let i = 0; i < files.length; i += 1) {
       const file = files[i];
       try {
-        this.logger.info('Processing file with name: %s, size: %d', file.Key, file.Size);
+        this.logger.info('Processing file with size: %d', file.Size);
         const resultMessage = messages.newMessageWithBody(file);
 
         if (this.cfg.enableFileAttachments) {
           await this.s3FileToAttachment(resultMessage, path.basename(file.Key), file.Size);
         }
 
-        this.logger.trace('Emitting new message with body: %j', resultMessage.body);
+        this.logger.trace('Emitting new message with data...');
         await this.context.emit('data', resultMessage);
       } catch (e) {
         await this.context.emit('error', e);
@@ -64,16 +64,16 @@ class AwsS3Polling extends PollingTrigger {
       resultMessage.attachments = attachments;
     }
 
-    this.logger.trace('Emitting new message with body: %j', resultMessage.body);
+    this.logger.trace('Emitting new message with data...');
     await this.context.emit('data', resultMessage);
     this.logger.info('Finished emitting data');
   }
 
   async s3FileToAttachment(msg, filename, size) {
-    this.logger.info('Adding file %s to attachment...', filename);
+    this.logger.info('Adding file to attachment...');
     const s3Stream = this.client.getObjectReadStream(this.cfg.bucketName, filename);
     const uploadResult = await this.attachmentProcessor.uploadAttachment(s3Stream);
-    this.logger.info('File %s successfully uploaded to URL: %s', filename, uploadResult.config.url);
+    this.logger.info('File successfully uploaded to attachment storage');
 
     /* eslint-disable-next-line no-param-reassign */
     msg.attachments = {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/verifyCredentials.js b/verifyCredentials.js

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ exports.process = async function (msg, cfg) {`
`13`	`13`	`this.logger.warn('Provided filename is not found: nothing to delete');`
`14`	`14`	`return messages.newEmptyMessage();`
`15`	`15`	`}`
`16`		`- this.logger.error('Error occurred while getting file metadata: %j', err);`
	`16`	`+ this.logger.error('Error occurred while getting file metadata!');`
`17`	`17`	`throw err;`
`18`	`18`	`}`
`19`	`19`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,6 @@ function processAction(msg, cfg) {`
`44`	`44`	`_.map(columnConfig, (column) => {`
`45`	`45`	`columns[column.property] = column.title;`
`46`	`46`	`});`
`47`		`- self.logger.info('Processing following column configuration columns=%j', columns);`
`48`	`47`	`const stringifier = csvParser.stringify({ header: true, columns });`
`49`	`48`	`const upload = streamClient.upload({`
`50`	`49`	`Bucket: cfg.bucketName,`
`@@ -81,7 +80,7 @@ function processAction(msg, cfg) {`
`81`	`80`	`}`
`82`	`81`
`83`	`82`	`function emitError(e) {`
`84`		`- self.logger.info('Oops! Error occurred', e.stack \|\| e);`
	`83`	`+ self.logger.error('Oops! Error occurred!');`
`85`	`84`	`self.emit('error', e);`
`86`	`85`	`}`
`87`	`86`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ function addAttachment(msg, name, body, contentType) {`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`async function uploadFile(urls) {`
`20`		`- self.logger.debug('Trying to upload file: %j', body);`
	`20`	`+ self.logger.debug('Trying to upload file...');`
`21`	`21`
`22`	`22`	`const stream = new Readable();`
`23`	`23`	`stream.push(body.toString());`
`@@ -36,10 +36,7 @@ function addAttachment(msg, name, body, contentType) {`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`return getUrlsManualy().then((result) => {`
`39`		`- self.logger.debug('createSignedUrl result: %j', result);`
`40`		`- self.logger.debug('Uploading to url: %s', result.put_url);`
`41`		`- self.logger.debug('Content-Type: %s', contentType);`
`42`		`- self.logger.info('uploadFile is about to execute');`
	`39`	`+ self.logger.debug('Uploading file with content type %s ...', contentType);`
`43`	`40`	`return uploadFile(result, contentType);`
`44`	`41`	`});`
`45`	`42`	`}`