
GH-3: keep hook_private_key away from logged parameters

Open pyhedgehog opened this issue 8 years ago • 0 comments

Assuming

# export hook_private_key=12345

Before:

# node bin/hook marak/echo
{ hook_private_key: '12345', param1: 'foo', param2: 'bar' }

After:

# node bin/hook marak/echo
{ param1: 'foo', param2: 'bar' }

Also compare logs. Before:

[
  {"time":"2016-05-13T20:09:22.114Z","data":"\"POST\"","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:09:22.114Z","data":"\"/marak/echo\"","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:09:22.114Z","data":"{\"hook_private_key\":\"12345\",\"param1\":\"foo\",\"param2\":\"bar\"}","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:09:22.113Z","data":"\"Console messages are sent to /logs\"","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:08:39.887Z","data":"{\"env1\":\"val1\",\"hello2\":\"there\",\"hookAccessKey\":\"51b8f3cd-eb23-45ab-84be-8e0e1f5a161a\"}","ip":"127.0.0.1"}
]

After:

[
  {"time":"2016-05-13T20:08:39.887Z","data":"\"POST\"","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:08:39.886Z","data":"\"/marak/echo\"","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:08:39.886Z","data":"{\"param1\":\"foo\",\"param2\":\"bar\"}","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:08:39.882Z","data":"\"Console messages are sent to /logs\"","ip":"127.0.0.1"},
  {"time":"2016-05-13T20:08:32.468Z","data":"{\"env1\":\"val1\",\"hello2\":\"there\",\"hookAccessKey\":\"51b8f3cd-eb23-45ab-84be-8e0e1f5a161a\"}","ip":"127.0.0.1"}
]

Obviously if one outputs hook.req.headers to logs this will not help, but this can be additionally documented.

pyhedgehog, May 13 '16 20:05
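The behaviour requested in the issue, sketched as an added example that is not part of the original post or of hook.io-sdk: strip the key from anything about to be logged, and audit stored log entries of the shape shown above for leaks. The function names and the header name `x-example-private-key` are assumptions made for illustration; only `hook_private_key` comes from the issue.

```javascript
// Added example (not hook.io-sdk code). The key name comes from the issue;
// "x-example-private-key" is a hypothetical header name used for illustration.
const SENSITIVE_KEYS = new Set(['hook_private_key']);

// Deep-copy `value`, dropping any property whose lowercased name is sensitive.
function stripSecrets(value, sensitive = SENSITIVE_KEYS) {
  if (Array.isArray(value)) return value.map((v) => stripSecrets(v, sensitive));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    if (!sensitive.has(k.toLowerCase())) out[k] = stripSecrets(v, sensitive);
  }
  return out;
}

// True if a sensitive property name appears anywhere inside `value`.
function containsSecretKey(value, sensitive = SENSITIVE_KEYS) {
  if (value === null || typeof value !== 'object') return false;
  if (Array.isArray(value)) return value.some((v) => containsSecretKey(v, sensitive));
  return Object.entries(value).some(
    ([k, v]) => sensitive.has(k.toLowerCase()) || containsSecretKey(v, sensitive));
}

// Audit stored log entries shaped like those in the issue, where `data` is a
// JSON-encoded string. Returns the indexes of entries that leak a key.
function findLeakedEntries(entries, sensitive = SENSITIVE_KEYS) {
  const hits = [];
  entries.forEach((entry, i) => {
    let parsed;
    try { parsed = JSON.parse(entry.data); } catch (e) { return; } // not JSON: skip
    if (containsSecretKey(parsed, sensitive)) hits.push(i);
  });
  return hits;
}

// Constructed sample data, modelled on the log format shown above.
const sampleLog = [
  { time: '2016-05-13T20:09:22.114Z', data: '"/marak/echo"', ip: '127.0.0.1' },
  { time: '2016-05-13T20:09:22.114Z', ip: '127.0.0.1',
    data: '{"hook_private_key":"12345","param1":"foo","param2":"bar"}' },
];
const withHeaders = new Set(['hook_private_key', 'x-example-private-key']);
const request = { params: { hook_private_key: '12345', param1: 'foo' },
                  headers: { 'X-Example-Private-Key': '12345', accept: '*/*' } };

console.log(stripSecrets(request, withHeaders));
console.log(findLeakedEntries(sampleLog));
```

With the default key set the header in `request` is left in place, which is the `hook.req.headers` caveat from the issue: header names have to be added to the set explicitly.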