If Cloudcode function failed, log may print the password clearly. #3789
Comments
|
Can you open a pull request for that issue? |
|
Yes ! I will open a pull request for that issue.
发自网易邮箱大师
On 05/08/2017 19:36, Florent Vilmart wrote:
Can you open a pull request for that issue?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Thanks! |
This was referenced May 9, 2017
Merged
|
@youngerong How are you debugging your cloud code? I can't find how and I need exactly what you use in your screenshot thanks in advance |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I add a cloudcode function, the input params has username, password and so on. If the cloudcode function went error, I will log the error like this:
res.error(1002,'verify code error');
But I see Parse Server record the error information in the log file like this:
Failed running cloud function signUp for user undefined with:
Input: {"phone":"13151594883","password":"********","verifyCode":"773172","username":"86-13151594883","area":"86"}
Error: {"code":1002,"message":"verify code error"} functionName=signUp, code=1002, message=verify code error, phone=13151594883, password=123456, verifyCode=773172, username=86-13151594883, area=86, user=undefined
We can see the error information change the input password to "********",but print the password in the param list clearly.
So I debug the code and find out the reason.
Controllers/LoggerController.js has a function called maskSensitive, every log message will be checked if need to make it sensitive. But when log the param list, input parameter is an Object with params including username ,password and so on. The function just check "if (e.body)", did not check "e.params", so I add it to solve this problem.
if (e.body) {
for (let key of Object.keys(e.body)) {
if (key === 'password') {
e.body[key] = '********';
break;
}
}
}
The text was updated successfully, but these errors were encountered: