From ab4244e8cfe2bcca6930e47b2ce1b884537b0497 Mon Sep 17 00:00:00 2001 From: Gwunleong Lee <108258271+gwnlng@users.noreply.github.com> Date: Fri, 28 Jul 2023 22:04:18 +0800 Subject: [PATCH] Fix/sanitize err (#74) * fix: sanitize error moved ci to github actions included response interceptor to sanitize error included timeout testcase on v1 api endpoint fixed 1 dependencies package --- .circleci/config.yml | 77 --------------------------- .github/workflows/ci.yml | 63 ++++++++++++++++++++++ .github/workflows/release.yml | 36 +++++++++++++ package.json | 1 + src/lib/request/request.ts | 5 ++ test/lib/request/request.test.ts | 22 ++++++++ test/lib/request/rest-request.test.ts | 23 ++++++++ 7 files changed, 150 insertions(+), 77 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/release.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 89b1454..0000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -version: 2.1 -orbs: - snyk: snyk/snyk@1.1.2 - -jobs: - build-test-monitor: - docker: - # specify the version - - image: circleci/node:latest - - steps: - - checkout - - run: npm install semantic-release @semantic-release/exec --save-dev - - run: - name: "Install deps" - command: | - npm install - - run: - name: "Run Tests" - command: | - npm test - - snyk/scan: - fail-on-issues: true - monitor-on-build: true - token-variable: SNYK_TOKEN - - run: npx semantic-release - - build-test: - docker: - # specify the version - - image: circleci/node:latest - - steps: - - checkout - - run: - name: "Install deps" - command: | - npm install - - run: - name: "Run Tests" - command: | - npm test - - snyk/scan: - fail-on-issues: true - monitor-on-build: false - token-variable: SNYK_TOKEN - -workflows: - version: 2.1 - nightly: - triggers: - - schedule: - cron: "0 0 * * *" - filters: - branches: - only: - - master - jobs: - - build-test-monitor: - context: SNYK - build-test-monitor-publish: - jobs: - - build-test-monitor: - context: SNYK - filters: - branches: - only: - - master - build-test: - jobs: - - build-test: - context: SNYK - filters: - branches: - ignore: - - master - diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..847fb8b --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,63 @@ +# This is a basic workflow to help you get started with Actions + +name: ci + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events but only for the "main" branch + push: + branches: + - '**' + pull_request: + branches: + - 'master' + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + build-test: + # The type of runner that the job will run on + runs-on: ubuntu-latest + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v3 + - name: Setup Node.js environment + uses: actions/setup-node@v3 + with: + node-version: 18 + - name: Install dependencies + run: | + npm install + - name: Run tests + run: | + npm test + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/node@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --severity-threshold=high + build-test-monitor: + if: github.ref == 'refs/heads/master' + runs-on: ubuntu-latest + needs: build-test + steps: + - uses: actions/checkout@v3 + - name: Setup Node.js environment + uses: actions/setup-node@v3 + with: + node-version: 18 + - name: Install dependencies + run: | + npm install semantic-release @semantic-release/exec pkg --save-dev + npm install + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/node@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --org=cse-snyk-labs + command: monitor diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..4ebab2b --- /dev/null +++ b/.github/workflows/release.yml 
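Review bot: `uses: snyk/actions/node@master` in both jobs pins a third-party action that is handed `SNYK_TOKEN` to a moving branch, so whatever lands on that branch next runs with the secret; pin it to a full commit SHA, e.g. `uses: snyk/actions/node@<commit-sha-to-look-up>  # <release tag>`, and the same consideration applies to the `actions/checkout@v3` / `actions/setup-node@v3` tags here and in release.yml in this patch. This workflow declares no top-level `permissions:` block, unlike release.yml, so `GITHUB_TOKEN` gets the repository default scope; `permissions: contents: read` at the top would match the other workflow and the jobs only need to read the checkout. In `build-test-monitor`, `npm install semantic-release @semantic-release/exec pkg --save-dev` installs tooling that no later step in this job uses — the deleted CircleCI config ran `npx semantic-release` after this install, but that step now lives in release.yml — and `--save-dev` rewrites package.json on the runner before `snyk monitor` reports the project's dependencies, so the monitored tree no longer matches the committed one. Dropping that line, or at least the `--save-dev`, keeps the monitor snapshot honest.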
@@ -0,0 +1,36 @@ +name: Release action +on: + push: + branches: + - master + +permissions: + contents: read # for checkout + +jobs: + build-and-publish: + if: github.ref == 'refs/heads/master' + runs-on: ubuntu-latest + permissions: + contents: write # to be able to publish a GitHub release + issues: write # to be able to comment on released issues + pull-requests: write # to be able to comment on released pull requests + id-token: write # to enable use of OIDC for npm provenance + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: "lts/*" + - name: Install dependencies + run: npm install + - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies + run: npm audit signatures + - name: Release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npx semantic-release diff --git a/package.json b/package.json index 1e7f1ea..dff1939 100644 --- a/package.json +++ b/package.json @@ -33,6 +33,7 @@ "homepage": "https://github.com/snyk-tech-services/snyk-request-manager#readme", "dependencies": { "@snyk/configstore": "^3.2.0-rc1", + "@types/babel__traverse": "7.17.1", "@types/debug": "^4.1.7", "@types/uuid": "^7.0.3", "axios": "0.27.2", diff --git a/src/lib/request/request.ts b/src/lib/request/request.ts index 7724aa2..613a234 100644 --- a/src/lib/request/request.ts +++ b/src/lib/request/request.ts @@ -58,6 +58,11 @@ const makeSnykRequest = async ( }, timeout: 30_000, // 5 mins same as Snyk APIs }); + // sanitize error to avoid leaking sensitive data + apiClient.interceptors.response.use(undefined, async (error) => { + error.config.headers.Authorization = '****'; + return Promise.reject(error); + }); try { let res; diff --git a/test/lib/request/request.test.ts b/test/lib/request/request.test.ts index 2796d12..4685286 100644 --- a/test/lib/request/request.test.ts 
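Review bot: `run: npm install` in the Install step resolves dependency ranges fresh at release time, so the published artifact may be built from a different tree than the one ci.yml tested; if the repository commits a lockfile (not visible in this patch), `run: npm ci` installs exactly that tree and the following `npm audit signatures` step still verifies it. The release job also uses `node-version: "lts/*"` while ci.yml pins `node-version: 18`, so the release can run on a different Node major than the tests did; using the same value in both keeps them aligned. `if: github.ref == 'refs/heads/master'` on the job duplicates the `on.push.branches: [master]` trigger above it and can be dropped.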
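Review bot: The new interceptor dereferences `error.config.headers` unconditionally, so any rejection that carries no `config` (an error raised before the request object was built, or a non-axios error thrown inside the call chain) makes the interceptor itself throw a TypeError and the original error is lost; guard it: `if (error?.config?.headers) { error.config.headers.Authorization = '****'; }`. Redacting `config.headers` covers `error.config` and, since axios normally attaches the same config object to the response, `error.response.config`, but `error.request` (the underlying Node `ClientRequest`) still holds the headers that were sent, so a logger that serialises the whole error object can still expose the token — worth a comment such as `// NOTE: error.request still carries the raw headers; do not log the error wholesale` or stripping `error.request` if callers only need `config`/`response`. Whether the key is `Authorization` or lowercase `authorization` depends on how the header is set earlier in `makeSnykRequest`, which starts outside this hunk; the added tests assert the capitalised form. `async` on the interceptor is unnecessary since it only returns `Promise.reject(error)`.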
+++ b/test/lib/request/request.test.ts @@ -30,6 +30,9 @@ beforeEach(() => { .reply(512, '512') .post(/\/genericerror/) .reply(512, '512') + .get(/\/gotimeout/) + .delayConnection(32000) + .reply(504, '504') .get(/\/apiautherror/) .reply(401, '401') .post(/\/apiautherror/) @@ -206,4 +209,23 @@ describe('Test Snyk Utils error handling/classification', () => { expect(err).toBeInstanceOf(GenericError); } }); + + it('Test Timeout error on GET command', async () => { + try { + const bodyToSend = { + testbody: {}, + }; + await makeSnykRequest( + { + verb: 'GET', + url: '/gotimeout', + body: JSON.stringify(bodyToSend), + }, + 'token123', + ); + } catch (err) { + expect(err).toBeInstanceOf(GenericError); + expect(err.message.config.headers.Authorization).toBe('****'); + } + }); }); diff --git a/test/lib/request/rest-request.test.ts b/test/lib/request/rest-request.test.ts index 204e608..be9c3bf 100644 --- a/test/lib/request/rest-request.test.ts +++ b/test/lib/request/rest-request.test.ts @@ -32,6 +32,9 @@ beforeEach(() => { .reply(512, '512') .post(/\/genericerror/) .reply(512, '512') + .get(/\/gotimeout/) + .delayConnection(32000) + .reply(504, '504') .get(/\/apiautherror/) .reply(401, '401') .post(/\/apiautherror/) @@ -287,4 +290,24 @@ describe('Test Snyk Utils error handling/classification', () => { expect(err).toBeInstanceOf(GenericError); } }); + + it('Test Timeout error on GET command', async () => { + try { + const bodyToSend = { + testbody: {}, + }; + await makeSnykRequest( + { + verb: 'GET', + url: '/gotimeout', + body: JSON.stringify(bodyToSend), + useRESTApi: true, + }, + 'token123', + ); + } catch (err) { + expect(err).toBeInstanceOf(GenericError); + expect(err.message.config.headers.Authorization).toBe('****'); + } + }); });
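Review bot: In the new `Test Timeout error on GET command` case the assertions live only in the `catch` block, so if `makeSnykRequest` resolves (for example when the nock interceptor is not matched or the timeout does not fire) the test passes without checking anything; add `expect.assertions(2);` as the first statement of the `it` body, or assert the rejection directly with `await expect(makeSnykRequest(...)).rejects.toBeInstanceOf(GenericError)` before inspecting the error. The same pattern is in the matching case added to rest-request.test.ts. `delayConnection(32000)` against the client's `30_000` ms timeout means each case runs for roughly 30 s, longer than Jest's default 5 s per-test limit, so it needs an explicit timeout argument on `it(...)` or a `jest.setTimeout` unless the project config already raises it (not visible here). Both `describe` blocks start outside the hunk.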