Mask sensitive information when logging

Author: Marco129

spec/FileLoggerAdapter.spec.js

@@ -1,3 +1,5 @@
+'use strict';
+
 var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter;
 var Parse = require('parse/node').Parse;
 
@@ -21,6 +23,28 @@ describe('info logs', () => {
       });
     });
   });
+
+  it("Can mask sensitive information", (done) => {
+    let customConfig = Object.assign({}, defaultConfiguration, {verbose: true});
+    setServerConfiguration(customConfig);
+    createTestUser().then(() => {
+      let fileLoggerAdapter = new FileLoggerAdapter();
+      fileLoggerAdapter.query({
+        from: new Date(Date.now() - 500),
+        size: 100,
+        level: 'verbose'
+      }, (results) => {
+        if(results.length == 0) {
+          fail('The adapter should return non-empty results');
+          done();
+        } else {
+          expect(results[1].message.includes('"password": "******"')).toEqual(true);
+          done();
+        }
+      });
+    });
+  });
+
 });
 
 describe('error logs', () => {

src/logger.js

@@ -50,7 +50,12 @@ export function configureLogger({logsFolder, level = winston.level}) {
   currentLogsFolder = logsFolder;
 
   logger.configure({
-    transports:  generateTransports(level)
+    transports:  generateTransports(level),
+    filters: [
+      (level, msg, meta) => {
+        return maskSensitiveInformation(msg);
+      }
+    ]
   })
 }
 
@@ -71,5 +76,16 @@ export function addGroup(groupName) {
   return winston.loggers.get(groupName);
 }
 
+function maskSensitiveInformation(msg) {
+  let match;
+  if (match = msg.match(/("password": ".*")/)) {
+    msg = msg.replace(match[1], '"password": "******"');
+  }
+  if (match = msg.match(/(password=.*)&?/)) {
+    msg = msg.replace(match[1], 'password=******');
+  }
+  return msg;
+}
+
 export { logger };
 export default logger;