fix: strip private attributes from bootstrap user (#479)

statsig-io · Aug 6, 2024 · 7bdbd13 · 7bdbd13
1 parent 4c6c6c4
commit 7bdbd13
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/src/Evaluator.ts b/src/Evaluator.ts
@@ -8,7 +8,7 @@ import SpecStore, { APIEntityNames } from './SpecStore';
 import { ExplicitStatsigOptions, InitStrategy } from './StatsigOptions';
 import { ClientInitializeResponseOptions } from './StatsigServer';
 import { StatsigUser } from './StatsigUser';
-import { getSDKType, getSDKVersion, notEmpty } from './utils/core';
+import { cloneEnforce, getSDKType, getSDKVersion } from './utils/core';
 import {
   djb2Hash,
   HashingAlgorithm,
@@ -219,14 +219,15 @@ export default class Evaluator {
   }
 
   public getClientInitializeResponse(
-    user: StatsigUser,
+    inputUser: StatsigUser,
     _ctx: StatsigContext,
     clientSDKKey?: string,
     options?: ClientInitializeResponseOptions,
   ): ClientInitializeResponse | null {
     if (!this.store.isServingChecks()) {
       return null;
     }
+    const user = cloneEnforce(inputUser);
     const clientKeyToAppMap = this.store.getClientKeyToAppMap();
     let targetAppID: string | null = null;
     let targetEntities: APIEntityNames | null = null;
@@ -364,6 +365,7 @@ export default class Evaluator {
       evaluatedKeys['customIDs'] = user.customIDs;
     }
 
+    delete user.privateAttributes;
     this.deleteUndefinedFields(user);
 
     return {

diff --git a/src/LogEventProcessor.ts b/src/LogEventProcessor.ts
@@ -1,7 +1,6 @@
 import ConfigEvaluation from './ConfigEvaluation';
-import Diagnostics, { ContextType, Marker } from './Diagnostics';
+import Diagnostics, { Marker } from './Diagnostics';
 import ErrorBoundary from './ErrorBoundary';
-import { StatsigLocalModeNetworkError } from './Errors';
 import { EvaluationDetails } from './EvaluationDetails';
 import LogEvent, { LogEventData } from './LogEvent';
 import OutputLogger from './OutputLogger';

diff --git a/src/utils/core.ts b/src/utils/core.ts
@@ -36,6 +36,10 @@ function clone<T>(obj: T | null): T | null {
   return JSON.parse(JSON.stringify(obj));
 }
 
+function cloneEnforce<T>(obj: T): T {
+  return JSON.parse(JSON.stringify(obj));
+}
+
 // Return a number if num can be parsed to a number, otherwise return null
 function getNumericValue(num: unknown): number | null {
   if (num == null) {
@@ -112,6 +116,7 @@ function getTypeOf(value: unknown) {
 
 export {
   clone,
+  cloneEnforce,
   getBoolValue,
   getNumericValue,
   getSDKVersion,