fix: sensitive data can be leaked through query parameters (#1208)

Meier Lukas
2024-09-30 21:59:21 +02:00
committed by GitHub
parent 233033f1ce
commit f24c06852e


@@ -9,8 +9,21 @@ class LoggingAgent extends Agent {
} }
dispatch(options: Dispatcher.DispatchOptions, handler: Dispatcher.DispatchHandlers): boolean { dispatch(options: Dispatcher.DispatchOptions, handler: Dispatcher.DispatchHandlers): boolean {
const url = new URL(`${options.origin as string}${options.path}`);
// The below code should prevent sensitive data from being logged as
// some integrations use query parameters for auth
url.searchParams.forEach((value, key) => {
if (value === "") return; // Skip empty values
if (/^\d{1,12}$/.test(value)) return; // Skip small numbers
if (value === "true" || value === "false") return; // Skip boolean values
if (/^[a-zA-Z]{1,12}$/.test(value)) return; // Skip short strings
url.searchParams.set(key, "REDACTED");
});
logger.info( logger.info(
`Dispatching request ${options.method} ${options.origin as string}${options.path} (${Object.keys(options.headers as object).length} headers)`, `Dispatching request ${url.toString().replaceAll("=&", "&")} (${Object.keys(options.headers as object).length} headers)`,
); );
return super.dispatch(options, handler); return super.dispatch(options, handler);
} }
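Review bot: The value-shape checks in the added `forEach` still let short secrets through: any query value of up to 12 letters or up to 12 digits (a short password, PIN or numeric code) is logged unredacted, because the decision never looks at the parameter name. Redacting by default and passing only names on an explicit allowlist would close that, e.g. `if (!SAFE_QUERY_KEYS.has(key)) url.searchParams.set(key, "REDACTED");`, where `SAFE_QUERY_KEYS` is a placeholder name for a set this file would have to define. The rewritten message also drops `options.method`, which the old line logged; starting it with `Dispatching request ${options.method} ${url.toString().replaceAll("=&", "&")}` keeps it. `new URL(...)` now runs before `super.dispatch`, so if `options.origin` is ever missing or not an absolute origin the logging step would presumably throw and abort the request; a try/catch that falls back to logging only origin and pathname would keep logging from affecting dispatch. The `LoggingAgent` class begins above the hunk, so any existing handling there is not visible.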