From da036be27b4d15e27f94c6415bfb5674a5be0d48 Mon Sep 17 00:00:00 2001 From: tore-statsig <74584483+tore-statsig@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:31:32 -0700 Subject: [PATCH] fix: sanitize output logger of sdk key (#467) --- src/OutputLogger.ts | 32 +++++++++++++++++++++++++----- src/__tests__/OutputLogger.test.ts | 4 ++-- src/index.ts | 2 +- 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/src/OutputLogger.ts b/src/OutputLogger.ts index e001ec4..b1b502d 100644 --- a/src/OutputLogger.ts +++ b/src/OutputLogger.ts @@ -2,6 +2,7 @@ import { LoggerInterface } from './StatsigOptions'; let _logger: LoggerInterface = { ...console, logLevel: 'warn' }; +let _sdkKey: string | null = null; export default abstract class OutputLogger { static getLogger(): LoggerInterface { @@ -10,7 +11,8 @@ export default abstract class OutputLogger { static debug(message?: any, ...optionalParams: any[]) { if (_logger.logLevel !== 'none') { - _logger.debug && _logger.debug(message, ...optionalParams); + const sanitizedMessage = this.sanitizeError(message); + _logger.debug && _logger.debug(sanitizedMessage, ...optionalParams); } } @@ -20,27 +22,47 @@ export default abstract class OutputLogger { _logger.logLevel === 'warn' || _logger.logLevel === 'error' ) { - _logger.info && _logger.info(message, ...optionalParams); + const sanitizedMessage = this.sanitizeError(message); + _logger.info && _logger.info(sanitizedMessage, ...optionalParams); } } static warn(message?: any, ...optionalParams: any[]) { if (_logger.logLevel === 'warn' || _logger.logLevel === 'error') { - _logger.warn(message, ...optionalParams); + const sanitizedMessage = this.sanitizeError(message); + _logger.warn(sanitizedMessage, ...optionalParams); } } static error(message?: any, ...optionalParams: any[]) { if (_logger.logLevel === 'error') { - _logger.error(message, ...optionalParams); + const sanitizedMessage = this.sanitizeError(message); + _logger.error(sanitizedMessage, ...optionalParams); } } - static setLogger(logger: LoggerInterface) { + static setLogger(logger: LoggerInterface, sdkKey: string) { _logger = logger; + _sdkKey = sdkKey; } static resetLogger() { _logger = { ...console, logLevel: 'warn' }; } + + static sanitizeError(message: any): any { + if (_sdkKey === null) { + return message; + } + try { + if (typeof message === 'string') { + return message.replace(new RegExp(_sdkKey, 'g'), '******'); + } else if (message instanceof Error) { + return message.toString().replace(new RegExp(_sdkKey, 'g'), '******'); + } + } catch (_e) { + // ignore + } + return message; + } } diff --git a/src/__tests__/OutputLogger.test.ts b/src/__tests__/OutputLogger.test.ts index 3a4e0f9..1650782 100644 --- a/src/__tests__/OutputLogger.test.ts +++ b/src/__tests__/OutputLogger.test.ts @@ -24,8 +24,8 @@ describe('Output Logger Interface', () => { expect(errors.length).toEqual(level === 'error' ? 3 : 0); if (level === 'error') { expect(errors).toContainEqual('statsigSDK> EventName needs to be a string of non-zero length.'); - expect(errors).toContainEqual(new StatsigInitializeFromNetworkError(new Error(`Request to https://api.statsigcdn.com/v1/download_config_specs/${secretKey}.json?sinceTime=0 failed with status 401`))); - expect(errors).toContainEqual(new StatsigInitializeIDListsError(new Error('Request to https://statsigapi.net/v1/get_id_lists failed with status 401'))); + expect(errors).toContainEqual((new StatsigInitializeFromNetworkError(new Error(`Request to https://api.statsigcdn.com/v1/download_config_specs/******.json?sinceTime=0 failed with status 401`))).toString()); + expect(errors).toContainEqual((new StatsigInitializeIDListsError(new Error('Request to https://statsigapi.net/v1/get_id_lists failed with status 401'))).toString()); } // @ts-ignore let event = new LogEvent(null); diff --git a/src/index.ts b/src/index.ts index 862bed5..d17798a 100644 --- a/src/index.ts +++ b/src/index.ts @@ -68,7 +68,7 @@ export const Statsig = { options: StatsigOptions = {}, ): Promise { if (options.logger) { - OutputLogger.setLogger(options.logger); + OutputLogger.setLogger(options.logger, secretKey); } const inst =