From 176bca77488964028fe73e700ea5d7f8bc064192 Mon Sep 17 00:00:00 2001 From: Dayoung Lee Date: Thu, 20 Jul 2023 18:27:35 +0900 Subject: [PATCH 1/2] [Logger] Add redact step This commit adds redact step to a Logger. ONE-vscode-DCO-1.0-Signed-off-by: Dayoung Lee --- src/Utils/Logger.ts | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/src/Utils/Logger.ts b/src/Utils/Logger.ts index 490e163b..c85328e1 100644 --- a/src/Utils/Logger.ts +++ b/src/Utils/Logger.ts @@ -33,26 +33,36 @@ const isDebugMode = process.env.VSCODE_DEBUG_MODE === "true"; * - message: watch out */ function _logStr(severity: string, tag: string, ...msgs: MsgList) { - let logStrList = []; - if (msgs.length === 0) { // Do not print return ""; } - for (let m of msgs) { - if (m instanceof Error) { - const err = m as Error; - logStrList.push( - `\nError was thrown:\n- name: ${err.name}\n- message: ${err.message}` - ); - } else if (typeof m === "object") { - logStrList.push(`\n${m.constructor.name}: ${JSON.stringify(m)}`); - } else { - logStrList.push(`${m}`); + const flatten = (msgs: MsgList) => { + let logStrList = []; + for (let m of msgs) { + if (m instanceof Error) { + const err = m as Error; + logStrList.push( + `\nError was thrown:\n- name: ${err.name}\n- message: ${err.message}` + ); + } else if (typeof m === "object") { + logStrList.push(`\n${m.constructor.name}: ${JSON.stringify(m)}`); + } else { + logStrList.push(`${m}`); + } } - } - const msg = logStrList.join(" "); + return logStrList.join(" "); + }; + + const redact = (msg: string) => { + // Replace github tokens with ******** + const prefix = "ghp_"; + const regex = new RegExp(`${prefix}[a-zA-Z0-9]+`, "g"); + return msg.replace(regex, "********"); + }; + + const msg = redact(flatten(msgs)); const time = new Date().toLocaleString(); return `[${time}][${tag}][${severity}] ${msg}`; @@ -116,6 +126,8 @@ export class Logger { * @brief Print msg and a line feed character without adding '[time][tag][severity]' * @detail When log is long and need to be splitted into many chunks, append() could be used * after the first chunk. + * + * @todo streamify logger to format consistently (ex. redact is not applied to this function) */ public static appendLine(msg: string) { Logger.checkShow(); @@ -126,6 +138,8 @@ export class Logger { * @brief Print msg without adding '[time][tag][severity]' * @detail When log is long and need to be splitted into many chunks, append() could be used * after the first chunk. + * + * @todo streamify logger to format consistently (ex. redact is not applied to this function) */ public static append(msg: string) { Logger.checkShow(); From b6adf9d1f5c11dd310a824594ed746bf3b4d8edc Mon Sep 17 00:00:00 2001 From: Dayoung Lee Date: Wed, 2 Aug 2023 16:38:46 +0900 Subject: [PATCH 2/2] Add fine grained token redact --- src/Utils/Logger.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/Utils/Logger.ts b/src/Utils/Logger.ts index c85328e1..090c6151 100644 --- a/src/Utils/Logger.ts +++ b/src/Utils/Logger.ts @@ -56,10 +56,12 @@ function _logStr(severity: string, tag: string, ...msgs: MsgList) { }; const redact = (msg: string) => { - // Replace github tokens with ******** - const prefix = "ghp_"; - const regex = new RegExp(`${prefix}[a-zA-Z0-9]+`, "g"); - return msg.replace(regex, "********"); + // Replace Github Personal Access Tokens with ******** + const classicPAT = "ghp_[a-zA-Z0-9]+"; + const findGrainedPAT = "github_pat_[a-zA-Z0-9_]+"; + const regex = new RegExp(`(${classicPAT})|(${findGrainedPAT})`, "g"); + + return msg.replace(regex, "*********************"); }; const msg = redact(flatten(msgs));