From d10fb9e81465390c6a117ea49b9bfb97917b5c36 Mon Sep 17 00:00:00 2001
From: Aviad Reich
Date: Thu, 7 Dec 2017 16:23:40 +0000
Subject: [PATCH] feat: sanitize headers when logged
---
 lib/log.js | 14 ++++++++++++++
 package.json | 1 +
 2 files changed, 15 insertions(+)
diff --git a/lib/log.js b/lib/log.js
index c60480a3d..5d4c0d625 100644
--- a/lib/log.js
+++ b/lib/log.js
@@ -1,5 +1,6 @@
 const bunyan = require('bunyan');
 const escapeRegExp = require('lodash.escaperegexp');
+const mapValues = require('lodash.mapvalues');
 const config = require('./config');
 const sanitiseConfigVariable = (raw, variable) =>
@@ -37,12 +38,25 @@ function sanitise(raw) {
 return raw;
 }
+function sanitiseObject(obj) {
+ return mapValues(obj, v => sanitise(v));
+}
+
+function sanitiseHeaders(headers) {
+ const hdrs = JSON.parse(JSON.stringify(headers));
+ if (hdrs.authorization) {
+ hdrs.authorization = 'AUTHORIZATION';
+ }
+ return sanitiseObject(hdrs);
+}
+
 const log = bunyan.createLogger({
 name: 'snyk-broker',
 serializers: {
 token: sanitise,
 result: sanitise,
 url: sanitise,
+ headers: sanitiseHeaders,
 },
 });
diff --git a/package.json b/package.json
index d2397ca41..6abd2b78a 100644
--- a/package.json
+++ b/package.json
@@ -56,6 +56,7 @@
 "express": "^4.14.0",
 "js-yaml": "^3.6.1",
 "lodash.escaperegexp": "^4.1.2",
+ "lodash.mapvalues": "^4.6.0",
 "minimatch": "^3.0.4",
 "path-to-regexp": "^1.5.3",
 "primus": "^6.0.1",
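Review bot: `sanitiseHeaders` redacts only a key spelled exactly `authorization`, so a header object that carries `Authorization` in another case, or credentials in `cookie`, `set-cookie` or `proxy-authorization`, is still written to the log. Those values fall through to `sanitise`, whose body starts outside this hunk; from the visible context it appears to mask configured values only, so confirm it would catch them. Matching header names case-insensitively against a small list of credential headers closes the gap, as in the fence that follows; extend the list with any token headers this service uses. Header values that are arrays also reach `sanitise` through `mapValues`, so check that it accepts non-string input.

```javascript
// Lower-case names of headers whose values are credentials and must never reach the log.
const REDACTED_HEADERS = new Set([
  'authorization',
  'proxy-authorization',
  'cookie',
  'set-cookie',
]);

function sanitiseHeaders(headers) {
  const hdrs = JSON.parse(JSON.stringify(headers));
  // Compare case-insensitively: header objects built by callers may not be lower-cased.
  Object.keys(hdrs).forEach(name => {
    if (REDACTED_HEADERS.has(name.toLowerCase())) {
      hdrs[name] = name.toUpperCase();
    }
  });
  return sanitiseObject(hdrs);
}
```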