express-bunyan-logger
Obfuscation potentially mutates req/res data
If you add an obfuscate option like obfuscate: ['body.password'] and attempt to access req.body.password after the req has been logged (immediate: true for example), you'll receive [HIDDEN] as the value for req.body.password. The logger should deep copy the req/res data (body, headers), rather than assigning, to prevent mutation.
We provided an optimization to do work after express returned, and it turns out our sensitive but important information is clobbered by the [HIDDEN] string.
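
The aliasing described in this issue, as an added example that is not part of the original thread and is not express-bunyan-logger's own code. The function names, the sample request and the deepCopy helper are assumptions made for illustration; only the obfuscate paths and the [HIDDEN] marker come from the report.

```javascript
// Simplified model of the reported behaviour; not express-bunyan-logger's own code.
const HIDDEN = '[HIDDEN]';

// Overwrite the value at each dot-separated path (e.g. 'body.password') in place.
function obfuscate(meta, paths) {
  for (const path of paths) {
    const keys = path.split('.');
    const last = keys.pop();
    let node = meta;
    for (const k of keys) {
      if (node === null || typeof node !== 'object') break;
      node = node[k];
    }
    if (node !== null && typeof node === 'object' && last in node) node[last] = HIDDEN;
  }
  return meta;
}

// Recursive copy for JSON-like data (plain objects, arrays, primitives).
// A shallow copy of the top level is not enough: body and headers are nested.
function deepCopy(value) {
  if (Array.isArray(value)) return value.map(deepCopy);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = deepCopy(v);
    return out;
  }
  return value;
}

// Reported pattern: the log record references the live req objects.
const metaByAssignment = (req) => ({ body: req.body, headers: req.headers });

// Fix proposed in the report: the log record owns its own copy.
const metaByDeepCopy = (req) => ({ body: deepCopy(req.body), headers: deepCopy(req.headers) });

// Log first (as with immediate: true), then read req as a later handler would.
function simulate(buildMeta) {
  const req = { // constructed sample request
    body: { user: 'alice', password: 'constructed-secret' },
    headers: { authorization: 'Bearer constructed-token' },
  };
  const logged = obfuscate(buildMeta(req), ['body.password', 'headers.authorization']);
  return { logged, passwordSeen: req.body.password, authSeen: req.headers.authorization };
}

console.log(simulate(metaByAssignment).passwordSeen); // value the handler reads after logging
console.log(simulate(metaByDeepCopy).passwordSeen);
```

In both cases the logged record is redacted; only the copy-based variant leaves the request intact for code that runs after logging.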