Skip to content

Commit

Permalink
BC-5044 - prevent password logging of failed edusharing requests
Browse files Browse the repository at this point in the history
  • Loading branch information
@uidp
uidp authored Oct 10, 2023
1 parent 2b27ebe commit 4d5a69c
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
2 changes: 2 additions & 0 deletions src/middleware/errorHandler.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,7 @@ const secretDataKeys = (() =>
'gradeComment',
'_csrf',
'searchUserPassword',
'authorization',
].map((k) => k.toLocaleLowerCase()))();

const filterSecretValue = (key, value) => {
Expand Down Expand Up @@ -174,6 +175,7 @@ const filterSecrets = (error, req, res, next) => {
if (error) {
// req.url = filterQuery(req.url);
req.originalUrl = filterQuery(req.originalUrl);
req.headers = filter(req.headers);
req.body = filter(req.body);
error.data = filter(error.data);
error.options = filter(error.options);
Expand Down
4 changes: 3 additions & 1 deletion src/services/edusharing/services/EduSharingConnectorV6.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,9 @@ class EduSharingConnector {
if (err.statusCode === 404) {
return null;
}
logger.error(`Edu-Sharing failed request with error ${err.statusCode} ${err.message}`, options);
// eslint-disable-next-line no-unused-vars
const { headers, ...logOptions } = options;
logger.error(`Edu-Sharing failed request with error ${err.statusCode} ${err.message}`, logOptions);
if (retried === true) {
throw new GeneralError('Edu-Sharing Request failed');
} else {
Expand Down

0 comments on commit 4d5a69c

Please sign in to comment.