bugfix/1026 Possible Sensitive Info In Callbacks

Added filterExtensions utility method and full test coverage for it. Upgraded dependencies. Version bump. (#124)
mojaloop · Oct 31, 2019 · c74b1ba · c74b1ba
1 parent 018e51f
commit c74b1ba
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 16 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/central-services-shared",
-  "version": "8.3.4",
+  "version": "8.4.0",
   "description": "Shared code for central services",
   "main": "src/index.js",
   "scripts": {
@@ -64,7 +64,7 @@
     "chance": "1.1.3",
     "faucet": "0.0.1",
     "npm-audit-resolver": "2.1.0",
-    "npm-check-updates": "3.1.25",
+    "npm-check-updates": "3.1.26",
     "nyc": "14.1.1",
     "pre-commit": "1.2.2",
     "proxyquire": "2.1.3",

diff --git a/src/util/index.js b/src/util/index.js
@@ -198,6 +198,24 @@ const getCircularReplacer = () => {
   }
 }
 
+const filterExtensions = (extensionsArray, exclKeysArray, exclValuesArray) => {
+  const extensions = extensionsArray != null && typeof extensionsArray[Symbol.iterator] === 'function' ? extensionsArray : []
+  const exclKeys = exclKeysArray != null && typeof exclKeysArray[Symbol.iterator] === 'function' ? exclKeysArray : []
+  const exclValues = exclValuesArray != null && typeof exclValuesArray[Symbol.iterator] === 'function' ? exclValuesArray : []
+  return extensions.filter(ext => {
+    let match = false
+    for (const key of exclKeys) {
+      match = ext.key && (ext.key.search(key) + 1)
+      if (match) return false
+    }
+    for (const value of exclValues) {
+      match = ext.value && (ext.value.search(value) + 1)
+      if (match) return false
+    }
+    return true
+  })
+}
+
 module.exports = {
   assign,
   expand,
@@ -216,6 +234,7 @@ module.exports = {
   breadcrumb,
   transpose,
   getCircularReplacer,
+  filterExtensions,
   Kafka,
   Endpoints,
   Request,

diff --git a/test/unit/util/index.test.js b/test/unit/util/index.test.js
@@ -552,16 +552,16 @@ Test('General util', utilTest => {
     transposeTest.end()
   })
 
-  utilTest.test('JSON.stringify() with a replacer function getCircularReplacer should', transposeTest => {
-    transposeTest.test('return stringified value for a primitive', test => {
+  utilTest.test('JSON.stringify() with a replacer function getCircularReplacer should', circularTest => {
+    circularTest.test('return stringified value for a primitive', test => {
       const primitive = '0'
       const expected = '"0"'
 
       const result = JSON.stringify(primitive, Util.getCircularReplacer())
       test.equal(result, expected)
       test.end()
     })
-    transposeTest.test('return an object of primitives while removing circular references', test => {
+    circularTest.test('return an object of primitives while removing circular references', test => {
       const obj = { primitive: '0' }
       obj.circular = obj
       const expected = '{"primitive":"0"}'
@@ -571,7 +571,39 @@ Test('General util', utilTest => {
       test.end()
     })
 
-    transposeTest.end()
+    circularTest.end()
+  })
+
+  utilTest.test('filterExtensions should', filterTest => {
+    const extensions = [
+      { key: 'url', value: 'fullUrl' },
+      { key: 'sourceFsp', value: 'fspiopSource' },
+      { key: 'destinationFsp', value: 'fspiopDest' },
+      { key: 'method', value: 'httpMethod' },
+      { key: 'request', value: 'possible sensitive content' },
+      { key: 'response', value: 'Password: 1234' }
+    ]
+    filterTest.test('filter extensions using predefined list of exact or regex matches for keys and values', test => {
+      const exclKeysArray = ['request', /regex/i]
+      const exclValuesArray = ['specific value', /password/i]
+      const expected = [
+        { key: 'url', value: 'fullUrl' },
+        { key: 'sourceFsp', value: 'fspiopSource' },
+        { key: 'destinationFsp', value: 'fspiopDest' },
+        { key: 'method', value: 'httpMethod' }
+      ]
+
+      const result = Util.filterExtensions(extensions, exclKeysArray, exclValuesArray)
+      test.deepEqual(result, expected)
+      test.end()
+    })
+    filterTest.test('return empty array when called with no arguments', test => {
+      const result = Util.filterExtensions()
+      test.deepEqual(result, [])
+      test.end()
+    })
+
+    filterTest.end()
   })
 
   utilTest.end()