pino icon indicating copy to clipboard operation
pino copied to clipboard

Published 20 hours ago • verified publisher icon pinojs

Redact mutates the original object

Open AlexRex opened this issue 3 years ago • 5 comments

We noticed that redact is mutating the original object, and not bringing back its properties.

Snippet to reproduce:

import pino from 'pino'

const config: pino.LoggerOptions = {
  level: 'debug',
  redact: [ // Eliminate these fields from the logs!
    'context.password',
    'password',
    'context.*.password',
    'context[*].password'
  ]
}

const logger = pino(config)

const test = {
  whatever: { password: '1234' }
}

logger.info({ context: test }, 'info')

console.log(test) //  { whatever: { password: '[Redacted]' } }

Versions used:

"pino": "7.11.0",
"pino-pretty": "7.6.1"

AlexRex avatar Oct 19 '22 16:10 AlexRex

Noticed some related issues, but looks like this is still not fixed: https://github.com/pinojs/pino/issues/1320 https://github.com/pinojs/pino/issues/1321

AlexRex avatar Oct 19 '22 16:10 AlexRex

This is due to the fact that you have multiple patterns covering the same object. There is likely one more bug. Would you like to send a PR?

mcollina avatar Oct 19 '22 16:10 mcollina

Just encountered this bug in a project. Seems to still exist in the newest version

stefanwaldhauser avatar Jul 09 '23 14:07 stefanwaldhauser

Just fell into that. Our forwarded requests internally lost authentication cookies.

paths: [
      // Requests
      // 'req.headers.cookie', // <- Adding this prevents cookies from being forwarded for http-proxy
      'req.headers["sec-ch-ua"]',
      'req.headers["sec-ch-ua-mobile"]',
      'req.headers["sec-ch-ua-platform"]',
      'req.headers.dnt',
      'req.headers["sec-fetch-dest"]',
      'req.headers["sec-fetch-user"]',
      'req.headers["sec-fetch-mode"]',
      'req.headers["sec-fetch-site"]',
      'req.headers.connection',
      // Raw (emitted by proxying to by api v4)
      'req.raw',
      'res.raw',
      'res.request.raw',
      // Responses
      'res.headers',
    ],
    ```

matthiasg avatar Mar 05 '24 14:03 matthiasg

Just ran into this as well on our production servers. Causing all sorts of issues. Any ideas on a fix?

srzainab avatar Mar 14 '24 17:03 srzainab

FWIW, I tested this in the latest version v9.1.0, and can no longer reproduce

emmyakin avatar May 15 '24 11:05 emmyakin

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

github-actions[bot] avatar Jun 18 '24 00:06 github-actions[bot]