feat/test: sanitize log messages whilst preserving readability
kristian4res committed Nov 5, 2024
1 parent 5252d26 commit fb143be
Showing 2 changed files with 34 additions and 4 deletions.
12 changes: 8 additions & 4 deletions server/logger/cloudLogging.ts
Expand Up @@ -3,6 +3,12 @@ import { Logging } from "@google-cloud/logging";
import { IncomingMessage } from "http";
import { AuditLog } from "../interfaces/logger";

export function formatLogMessage(text: string): string {
const message = text.replace(/[^\x20-\x7E\r\n]+/g, "");
const logFormat = "AUDIT_LOG: message";
return logFormat.replace("message", message);
}

export default class AuditLogger {
projectId: string;
logger: Logging;
Expand All @@ -15,14 +21,12 @@ export default class AuditLogger {
}

info(logger: IncomingMessage["log"], message: string): void {
const logFormat = "AUDIT_LOG: message";
const log = logFormat.replace("message", message);
const log = formatLogMessage(message);
logger.info(log);

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
}

error(logger: IncomingMessage["log"], message: string): void {
const logFormat = "AUDIT_LOG: message";
const log = logFormat.replace("message", message);
const log = formatLogMessage(message);
logger.error(log);

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
Log entry depends on a
user-provided value
.
}

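Review bot: `formatLogMessage` still passes `\r` and `\n` through, because the character class `[^\x20-\x7E\r\n]` exempts them from removal, so a message built from request data can start a new line that itself begins with `AUDIT_LOG:`; that is what the CodeQL log-injection warnings on `logger.info(log)` and `logger.error(log)` keep reporting. If multi-line text has to stay readable, escape the breaks rather than emitting them raw, e.g. `const message = text.replace(/\r/g, "\\r").replace(/\n/g, "\\n").replace(/[^\x20-\x7E]+/g, "");`, or indent continuation lines so they cannot be mistaken for a separate entry. Separately, `logFormat.replace("message", message)` interprets `$&` and `$'` inside the message as replacement patterns, and `$` survives the filter, so the logged text can differ from what was supplied; `return "AUDIT_LOG: " + message;` avoids that. The filter also drops every non-ASCII character, which is worth a doc comment on the function since names and localized text will be silently shortened. The `AuditLogger` class body continues outside the visible hunks.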
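--- a/server/tests/logger/cloudLogging.test.ts
+++ b/server/tests/logger/cloudLogging.test.ts
@@ -0,0 +1,26 @@
+import { formatLogMessage } from "../../logger/cloudLogging";
+
+describe("formatLogMessage utility function ensures complex log messages are sanitized but still readable", () => {
+it("should preserve newlines and carriage returns", () => {
+const inputMessage = "Error: Something went wrong\nDetails: Invalid input\r\nPlease try again.";
+const expectedOutput = "AUDIT_LOG: Error: Something went wrong\nDetails: Invalid input\r\nPlease try again.";
+
+const formattedMessage = formatLogMessage(inputMessage);
+
+console.log("Expected log format:", JSON.stringify(expectedOutput));
+console.log("Received log format:", JSON.stringify(formattedMessage));
+
+expect(formattedMessage).toBe(expectedOutput);
+});
+
+it("should remove non-printable characters", () => {
+const message = "Error: Something went wrong\x01\x02\n at FunctionName (file.js:10:15)\x03\x04\n at AnotherFunction (file.js:20:25)\r\n at YetAnotherFunction (file.js:30:35)";
+const expectedOutput = "AUDIT_LOG: Error: Something went wrong\n at FunctionName (file.js:10:15)\n at AnotherFunction (file.js:20:25)\r\n at YetAnotherFunction (file.js:30:35)";
+const formattedMessage = formatLogMessage(message);
+
+console.log("Expected log format:", JSON.stringify(expectedOutput));
+console.log("Received log format:", JSON.stringify(formattedMessage));
+
+expect(formattedMessage).toBe(expectedOutput);
+});
+});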
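Review bot: The first test asserts that raw `\n` and `\r\n` come out of `formatLogMessage` unchanged, which pins as expected behaviour the very property the CodeQL log-injection warning is about. A case is missing for a message that contains a line break followed by the text `AUDIT_LOG:`; it should assert that the result cannot be read as two separate audit entries, for instance that the break is escaped or the continuation is indented. A second missing case is a message containing `$&`, which should come back verbatim after the prefix. The `console.log` calls in both tests duplicate what `expect(...).toBe(...)` prints on failure and add noise to CI output, so I would drop them.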
