refs #42: DON'T print sensitive info in trace log.

skygragon · skygragon · commit 349b53187f9b · 2017-06-09T17:51:48.000+08:00
* Cookie
* X-CSRFToken
* Set-Cookie

Signed-off-by: Eric Wang &lt;skygragon@gmail.com&gt;
diff --git a/lib/cli.js b/lib/cli.js
@@ -7,6 +7,7 @@ var _ = require('underscore');
 var chalk = require('./chalk');
 var config = require('./config');
 var icon = require('./icon');
+var h = require('./helper');
 
 // We are expecting a tier configuration like:
 // global config < local config < cli params
@@ -57,14 +58,13 @@ function setLogLevel() {
         args.unshift('[TRACE]');
       }
       console.log.apply(null, _.map(args, function(arg) {
-        return chalk.gray(arg);
+        return chalk.gray(h.printSafeHTTP(arg));
       }));
     });
   }
 }
 
 function checkCache() {
-  var h = require('./helper');
   var cacheDir = h.getCacheDir();
 
   if (!fs.existsSync(cacheDir))
diff --git a/lib/helper.js b/lib/helper.js
@@ -165,4 +165,10 @@ h.getSetCookieValue = function(resp, key) {
   return null;
 };
 
+h.printSafeHTTP = function(msg) {
+  return msg.replace(/(Cookie\s*:\s*)'.*?'/, '$1<hidden>')
+    .replace(/('X-CSRFToken'\s*:\s*)'.*?'/, '$1<hidden>')
+    .replace(/('set-cookie'\s*:\s*)\[.*?\]/, '$1<hidden>');
+};
+
 module.exports = h;
