generated from UK-Export-Finance/nestjs-template
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(APIM-344): handle sensitive details in log messages (#324)
### Introduction Add functionality to remove sensitive data before writing it to the logs. ### Resolution - Redact errors in PinoLogger logs by unsetting some attributes in error. - Functionality copied from TFS-API. PinoLogger config gets new attribute `redact`. - Bootstrap might have errors with DB domain. Bootstrap errors are solved by using custom logger in src/main.ts - Functionality is done using custom logger ConsoleLoggerWithRedact - Redact errors in TypeORM error message strings. - Error strings are modified using PinoLogger hook logMethod. Hook is set in main.module.ts. - This is done using helper function redactStringsInLogArgs. ### Miscellaneous - Changed how Logger is loaded in the services. Now they use dependency injection. - New environment variable `REDACT_LOGS` ### Todo - Try catch could be removed from services, but default global exception handler logs smaller error dump.
- Loading branch information
Showing
36 changed files
with
759 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,7 @@ | |
PORT= | ||
|
||
LOG_LEVEL=debug | ||
REDACT_LOGS=false | ||
|
||
# Swagger | ||
SWAGGER_USER= | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,6 +18,7 @@ services: | |
PORT: | ||
NODE_ENV: | ||
LOG_LEVEL: | ||
REDACT_LOGS: | ||
TZ: | ||
SWAGGER_USER: | ||
SWAGGER_PASSWORD: | ||
|
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,135 @@ | ||
import { RandomValueGenerator } from '@ukef-test/support/generator/random-value-generator'; | ||
|
||
import appConfig from './app.config'; | ||
import { InvalidConfigException } from './invalid-config.exception'; | ||
|
||
describe('appConfig', () => { | ||
const valueGenerator = new RandomValueGenerator(); | ||
|
||
let originalProcessEnv: NodeJS.ProcessEnv; | ||
|
||
beforeEach(() => { | ||
originalProcessEnv = process.env; | ||
}); | ||
|
||
afterEach(() => { | ||
process.env = originalProcessEnv; | ||
}); | ||
|
||
describe('parsing LOG_LEVEL', () => { | ||
it('throws an InvalidConfigException if LOG_LEVEL is specified but is not a valid log level', () => { | ||
replaceEnvironmentVariables({ | ||
LOG_LEVEL: 'not-a-real-log-level', | ||
}); | ||
|
||
const gettingTheAppConfig = () => appConfig(); | ||
|
||
expect(gettingTheAppConfig).toThrow(InvalidConfigException); | ||
expect(gettingTheAppConfig).toThrow(`LOG_LEVEL must be one of fatal,error,warn,info,debug,trace,silent or not specified.`); | ||
}); | ||
|
||
it('uses info as the logLevel if LOG_LEVEL is not specified', () => { | ||
replaceEnvironmentVariables({}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.logLevel).toBe('info'); | ||
}); | ||
|
||
it('uses info as the logLevel if LOG_LEVEL is empty', () => { | ||
replaceEnvironmentVariables({ | ||
LOG_LEVEL: '', | ||
}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.logLevel).toBe('info'); | ||
}); | ||
|
||
it.each([ | ||
{ | ||
LOG_LEVEL: 'fatal', | ||
}, | ||
{ | ||
LOG_LEVEL: 'error', | ||
}, | ||
{ | ||
LOG_LEVEL: 'warn', | ||
}, | ||
{ | ||
LOG_LEVEL: 'info', | ||
}, | ||
{ | ||
LOG_LEVEL: 'debug', | ||
}, | ||
{ | ||
LOG_LEVEL: 'trace', | ||
}, | ||
{ | ||
LOG_LEVEL: 'silent', | ||
}, | ||
])('uses LOG_LEVEL as the logLevel if LOG_LEVEL is valid ($LOG_LEVEL)', ({ LOG_LEVEL }) => { | ||
replaceEnvironmentVariables({ | ||
LOG_LEVEL, | ||
}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.logLevel).toBe(LOG_LEVEL); | ||
}); | ||
}); | ||
|
||
describe('parsing REDACT_LOGS', () => { | ||
it('sets redactLogs to true if REDACT_LOGS is true', () => { | ||
replaceEnvironmentVariables({ | ||
REDACT_LOGS: 'true', | ||
}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.redactLogs).toBe(true); | ||
}); | ||
|
||
it('sets redactLogs to false if REDACT_LOGS is false', () => { | ||
replaceEnvironmentVariables({ | ||
REDACT_LOGS: 'false', | ||
}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.redactLogs).toBe(false); | ||
}); | ||
|
||
it('sets redactLogs to true if REDACT_LOGS is not specified', () => { | ||
replaceEnvironmentVariables({}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.redactLogs).toBe(true); | ||
}); | ||
|
||
it('sets redactLogs to true if REDACT_LOGS is the empty string', () => { | ||
replaceEnvironmentVariables({ | ||
REDACT_LOGS: '', | ||
}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.redactLogs).toBe(true); | ||
}); | ||
|
||
it('sets redactLogs to true if REDACT_LOGS is any string other than true or false', () => { | ||
replaceEnvironmentVariables({ | ||
REDACT_LOGS: valueGenerator.string(), | ||
}); | ||
|
||
const config = appConfig(); | ||
|
||
expect(config.redactLogs).toBe(true); | ||
}); | ||
}); | ||
|
||
const replaceEnvironmentVariables = (newEnvVariables: Record<string, string>): void => { | ||
process.env = newEnvVariables; | ||
}; | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.