NuKVM/xen-orchestra
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(api): do not log nested passwords (#624)

Browse Source 
Fixes vatesfr/xo-web#2506
This commit is contained in:
Julien Fontanet 2017-11-23 11:21:06 +01:00 committed by GitHub
parent bd18a9270e
commit c43ea11017
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/xo-mixins/api.js
View File

@ -2,6 +2,13 @@ import createDebug from 'debug'
import kindOf from 'kindof'
import ms from 'ms'
import schemaInspector from 'schema-inspector'
import {
forEach,
isArray,
isFunction,
map,
mapValues
} from 'lodash'
import * as methods from '../api'
import {
@ -9,8 +16,6 @@ import {
} from 'json-rpc-peer'
import {
createRawObject,
forEach,
isFunction,
noop,
serializeError
} from '../utils'
@ -143,13 +148,19 @@ function resolveParams (method, params) {
// -------------------------------------------------------------------
const removeSensitiveParams = params =>
typeof params.password === 'string'
? {
...params,
password: '* obfuscated *'
}
: params
const removeSensitiveParams = (value, name) => {
if (name === 'password' && typeof value === 'string') {
return '* obfuscated *'
}
if (typeof value !== 'object' || value === null) {
return value
}
return isArray(value)
? map(value, removeSensitiveParams)
: mapValues(value, removeSensitiveParams)
}
// ===================================================================