From 7bdbd1322983b7166b3c6364a94034af3f6145e3 Mon Sep 17 00:00:00 2001
From: tore-statsig <74584483+tore-statsig@users.noreply.github.com>
Date: Tue, 6 Aug 2024 13:47:27 -0700
Subject: [PATCH] fix: strip private attributes from bootstrap user (#479)

---
 src/Evaluator.ts         | 6 ++++--
 src/LogEventProcessor.ts | 3 +--
 src/utils/core.ts        | 5 +++++
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/Evaluator.ts b/src/Evaluator.ts
index 8f142ae..3998071 100644
--- a/src/Evaluator.ts
+++ b/src/Evaluator.ts
@@ -8,7 +8,7 @@ import SpecStore, { APIEntityNames } from './SpecStore';
 import { ExplicitStatsigOptions, InitStrategy } from './StatsigOptions';
 import { ClientInitializeResponseOptions } from './StatsigServer';
 import { StatsigUser } from './StatsigUser';
-import { getSDKType, getSDKVersion, notEmpty } from './utils/core';
+import { cloneEnforce, getSDKType, getSDKVersion } from './utils/core';
 import {
   djb2Hash,
   HashingAlgorithm,
@@ -219,7 +219,7 @@ export default class Evaluator {
   }
 
   public getClientInitializeResponse(
-    user: StatsigUser,
+    inputUser: StatsigUser,
     _ctx: StatsigContext,
     clientSDKKey?: string,
     options?: ClientInitializeResponseOptions,
@@ -227,6 +227,7 @@ export default class Evaluator {
     if (!this.store.isServingChecks()) {
       return null;
     }
+    const user = cloneEnforce(inputUser);
     const clientKeyToAppMap = this.store.getClientKeyToAppMap();
     let targetAppID: string | null = null;
     let targetEntities: APIEntityNames | null = null;
@@ -364,6 +365,7 @@ export default class Evaluator {
       evaluatedKeys['customIDs'] = user.customIDs;
     }
 
+    delete user.privateAttributes;
     this.deleteUndefinedFields(user);
 
     return {
diff --git a/src/LogEventProcessor.ts b/src/LogEventProcessor.ts
index 4bf0f31..844d3de 100644
--- a/src/LogEventProcessor.ts
+++ b/src/LogEventProcessor.ts
@@ -1,7 +1,6 @@
 import ConfigEvaluation from './ConfigEvaluation';
-import Diagnostics, { ContextType, Marker } from './Diagnostics';
+import Diagnostics, { Marker } from './Diagnostics';
 import ErrorBoundary from './ErrorBoundary';
-import { StatsigLocalModeNetworkError } from './Errors';
 import { EvaluationDetails } from './EvaluationDetails';
 import LogEvent, { LogEventData } from './LogEvent';
 import OutputLogger from './OutputLogger';
diff --git a/src/utils/core.ts b/src/utils/core.ts
index 89346c8..ffb29fe 100644
--- a/src/utils/core.ts
+++ b/src/utils/core.ts
@@ -36,6 +36,10 @@ function clone<T>(obj: T | null): T | null {
   return JSON.parse(JSON.stringify(obj));
 }
 
+function cloneEnforce<T>(obj: T): T {
+  return JSON.parse(JSON.stringify(obj));
+}
+
 // Return a number if num can be parsed to a number, otherwise return null
 function getNumericValue(num: unknown): number | null {
   if (num == null) {
@@ -112,6 +116,7 @@ function getTypeOf(value: unknown) {
 
 export {
   clone,
+  cloneEnforce,
   getBoolValue,
   getNumericValue,
   getSDKVersion,