From d248a6f8caf8ba045062cb7adb7d4c7af863a6ec Mon Sep 17 00:00:00 2001 From: Anto Aravinth Date: Sat, 28 Jul 2018 12:12:32 +0530 Subject: [PATCH] util: Adding warnings when NODE_DEBUG is set as http/http2 --- lib/util.js | 12 ++++++++++++ test/parallel/test-http-conn-reset.js | 1 + test/parallel/test-http-debug.js | 14 ++++++++++++++ test/parallel/test-http2-debug.js | 3 +++ 4 files changed, 30 insertions(+) create mode 100644 test/parallel/test-http-debug.js diff --git a/lib/util.js b/lib/util.js index 3c4fdbb128ada5..ef7aa37da39163 100644 --- a/lib/util.js +++ b/lib/util.js @@ -306,11 +306,23 @@ if (process.env.NODE_DEBUG) { debugEnvRegex = new RegExp(`^${debugEnv}$`, 'i'); } +// Emits warning when user sets +// NODE_DEBUG=http or NODE_DEBUG=http2. +function emitWarningIfNeeded(set) { + if ('HTTP' === set || 'HTTP2' === set) { + process.emitWarning('Setting the NODE_DEBUG environment variable ' + + 'to \'' + set.toLowerCase() + '\' can expose sensitive ' + + 'data (such as passwords, tokens and authentication headers) ' + + 'in the resulting log.'); + } +} + function debuglog(set) { set = set.toUpperCase(); if (!debugs[set]) { if (debugEnvRegex.test(set)) { const pid = process.pid; + emitWarningIfNeeded(set); debugs[set] = function debug() { const msg = exports.format.apply(exports, arguments); console.error('%s %d: %s', set, pid, msg); diff --git a/test/parallel/test-http-conn-reset.js b/test/parallel/test-http-conn-reset.js index ffb3aa07551bfd..7d0509a89ff68e 100644 --- a/test/parallel/test-http-conn-reset.js +++ b/test/parallel/test-http-conn-reset.js @@ -30,6 +30,7 @@ const options = { port: undefined }; +process.env.NODE_DEBUG = 'http'; // start a tcp server that closes incoming connections immediately const server = net.createServer(function(client) { client.destroy(); diff --git a/test/parallel/test-http-debug.js b/test/parallel/test-http-debug.js new file mode 100644 index 00000000000000..4b1c093c663974 --- /dev/null 
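Review bot: The check in `emitWarningIfNeeded` compares the debuglog section name, not the value of NODE_DEBUG, so the message ("Setting the NODE_DEBUG environment variable to 'http'") can name a value the user never set. This would happen whenever the pattern built into `debugEnvRegex` enables the section by some other spelling, though how that pattern is derived is outside the hunk. I would reword the comment to `// Warns when the http or http2 debuglog section is enabled, because its output on stderr can contain credentials.` and phrase the message in terms of the enabled section. The two names are hard-coded, so any other section that prints headers or payloads stays silent; the comment should say the list is deliberate and incomplete. `debuglog` continues past the end of the hunk, so the once-per-section behaviour is inferred from the `debugs[set]` cache visible here.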
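Review bot: The added `process.env.NODE_DEBUG = 'http';` alters an existing test on every run, not only when test-http-debug.js spawns it, and it probably comes too late to have any effect in this process. The lib/util.js hunk shows NODE_DEBUG being read in a top-level `if (process.env.NODE_DEBUG)`, which appears to run at module load; this file's `require` calls are outside the hunk, so that ordering is inferred. Since test-http-debug.js sets the variable before spawning this file, I would drop the line here and let the parent test control the child environment.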
+++ b/test/parallel/test-http-debug.js @@ -0,0 +1,14 @@ +'use strict'; + +require('../common'); +const assert = require('assert'); +const child_process = require('child_process'); +const path = require('path'); + +process.env.NODE_DEBUG = 'http'; +const { stderr } = child_process.spawnSync(process.execPath, [ + path.resolve(__dirname, 'test-http-conn-reset.js') +], { encoding: 'utf8' }); + +assert(stderr.match(/Setting the NODE_DEBUG environment variable to 'http' can expose sensitive data \(such as passwords, tokens and authentication headers\) in the resulting log\./), + stderr); diff --git a/test/parallel/test-http2-debug.js b/test/parallel/test-http2-debug.js index e80c9e362815fd..ad86e76ab75771 100644 --- a/test/parallel/test-http2-debug.js +++ b/test/parallel/test-http2-debug.js @@ -7,10 +7,13 @@ const child_process = require('child_process'); const path = require('path'); process.env.NODE_DEBUG_NATIVE = 'http2'; +process.env.NODE_DEBUG = 'http2'; const { stdout, stderr } = child_process.spawnSync(process.execPath, [ path.resolve(__dirname, 'test-http2-ping.js') ], { encoding: 'utf8' }); +assert(stderr.match(/Setting the NODE_DEBUG environment variable to 'http2' can expose sensitive data \(such as passwords, tokens and authentication headers\) in the resulting log\./), + stderr); assert(stderr.match(/Http2Session client \(\d+\) handling data frame for stream \d+/), stderr); assert(stderr.match(/HttpStream \d+ \(\d+\) \[Http2Session client \(\d+\)\] reading starting/),
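Review bot: The new test assigns `process.env.NODE_DEBUG = 'http'` on its own process and relies on inheritance, which leaves the debug section switched on for anything else that process later loads or spawns. Passing it in the spawn options keeps it scoped to the child: `{ encoding: 'utf8', env: Object.assign({}, process.env, { NODE_DEBUG: 'http' }) }`. The test-http2-debug.js hunk adds `process.env.NODE_DEBUG = 'http2';` in the same way. The child's exit `status` is not checked either, so a child that crashes after printing the warning would still pass; destructuring `status` and adding `assert.strictEqual(status, 0);` would close that, assuming the child is expected to exit cleanly.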