joi
Add config to exclude `value` from `Context` to prevent ingestion of secrets into logs
Support plan
- is this issue currently blocking your project? (yes/no): no
- is this issue affecting a production system? (yes/no): yes
Context
- node version: any
- module version: 17+
- environment (e.g. node, browser, native): node
- used with (e.g. hapi application, another framework, standalone, ...): standalone (affects all)
- any other relevant information: .
What problem are you trying to solve?
The default errors from failing joi validations contain the value that was under validation. If a developer captures the error in their logs, this can lead to sensitive information leaking into logs through `errors[i].context.value`.
```
[1] {
[1]   "message": "\"users[0].passwordOrSecureField\" length must be 12 characters long",
[1]   "path": [
[1]     "users",
[1]     0,
[1]     "passwordOrSecureField"
[1]   ],
[1]   "type": "string.length",
[1]   "context": {
[1]     "limit": 12,
[1]     "value": "super-secret-value-should-not-be-in-logs",
[1]     "label": "users[0].passwordOrSecureField",
[1]     "key": "passwordOrSecureField"
[1]   }
[1] }
```
Do you have a new or modified API suggestion to solve the problem?
This issue could be resolved by adding a custom error constructor. If this feature already exists, it would be useful to include mentions in the documentation.
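
One way to keep the validated value out of logs in application code, as an added example that is not part of the original issue and is not joi's own code: copy only allowlisted `context` keys from each error detail before logging. `sanitizeDetails` and `SAFE_CONTEXT_KEYS` are hypothetical names, the first sample detail is the one shown in the issue, and the second is constructed to show a message that embeds the value.

```javascript
// Hypothetical helper, not a joi API: build a log-safe copy of joi-style
// error details (the array exposed as `error.details` on a validation error).
const SAFE_CONTEXT_KEYS = new Set(["limit", "label", "key"]); // assumed allowlist

function sanitizeDetails(details) {
  return details.map((d) => {
    const context = d.context || {};
    const safeContext = {};
    // Allowlist instead of deleting `value`: any context key not known to be
    // harmless is dropped, so keys that echo the input never reach the log.
    for (const k of Object.keys(context)) {
      if (SAFE_CONTEXT_KEYS.has(k)) safeContext[k] = context[k];
    }
    // If the message text itself interpolated the value, scrub it as well.
    // Short values may over-redact the message, which errs on the safe side.
    let message = String(d.message);
    const v = context.value;
    if (typeof v === "string" && v.length > 0) {
      message = message.split(v).join("[REDACTED]");
    }
    return { message, path: [...(d.path || [])], type: d.type, context: safeContext };
  });
}

// Sample input: first detail copied from the issue, second one constructed.
const SAMPLE_DETAILS = [
  {
    message: '"users[0].passwordOrSecureField" length must be 12 characters long',
    path: ["users", 0, "passwordOrSecureField"],
    type: "string.length",
    context: {
      limit: 12,
      value: "super-secret-value-should-not-be-in-logs",
      label: "users[0].passwordOrSecureField",
      key: "passwordOrSecureField",
    },
  },
  {
    message: '"token" with value "tok_constructed_123" fails to match the required pattern',
    path: ["token"],
    type: "string.pattern.base",
    context: { value: "tok_constructed_123", label: "token", key: "token" },
  },
];

// Log the sanitized copy, never the raw details.
console.log(JSON.stringify(sanitizeDetails(SAMPLE_DETAILS), null, 2));
```
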