Skip to content

Configure default sensitive fields #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Apr 10, 2025
Merged

Configure default sensitive fields #24

Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
8f53ded
Configure initial sensitive fields
Mar 27, 2025
03fb3f5
Fixed to define default sensitive attr
Mar 27, 2025
ca12abc
Constructor and sensitiveAttributes compatible with both old/new style
Mar 27, 2025
17bec45
resetSensitiveAttributes no needed
Mar 27, 2025
6f05e19
Separate interfaces for options and sensitive attr
Mar 27, 2025
b2498ae
Normalizes the log options
Mar 27, 2025
5d55bac
Normalize constructor options
Mar 27, 2025
09efea5
Update doc for new sensitive fields features
Apr 4, 2025
2a44e21
lower case the updated defaultSensitiveAttributes
Apr 4, 2025
c402ca2
Update unit test
Apr 4, 2025
c9beda6
Minor fix review
Apr 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 38 additions & 17 deletions src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ import type {
ErrorLogAttributes,
} from "./types";

interface LoggerOptions {
correlationId?: string | null;
additionalSensitiveAttributes?: StringArray;
overrideSensitiveAttributes?: StringArray;
}

const LOG_EVENT = env.get("SG_LOGGER_LOG_EVENT").default("true").asBool();
const MASK_SECRETS = env.get("SG_LOGGER_MASK").default("true").asBool();
const MAX_SIZE = env.get("SG_LOGGER_MAX_SIZE").default(MAX_PAYLOAD_SIZE).asInt();
Expand All @@ -36,24 +42,45 @@ const LOG_LEVEL = env

class Logger {
static METRIC_UNITS = MetricUnitList;
private static readonly DEFAULT_SENSITIVE_ATTRIBUTES: StringArray = [
"password",
"userid",
"token",
"secret",
"key",
"x-api-key",
"bearer",
"authorization",
];

private serviceName: string;
private correlationId: string;
private resetCorrelationId: boolean;
private applicationName: string;
private persistentContext: JSONObject;
private console: Console;
private defaultSensitiveAttributes: StringArray;

constructor(serviceName: string, applicationName: string, correlationId: string | null = null) {
constructor(serviceName: string, applicationName: string, options: LoggerOptions = {}) {
this.serviceName = serviceName;
this.correlationId = correlationId ? correlationId : randomUUID();
this.resetCorrelationId = correlationId ? false : true;
this.correlationId = options.correlationId ? options.correlationId : randomUUID();
this.resetCorrelationId = options.correlationId ? false : true;
this.applicationName = applicationName;
this.persistentContext = {};
this.console =
env.get("AWS_LAMBDA_LOG_FORMAT").asString() === "JSON"
? new Console((process.stdout, process.stderr))
: console;

// Initialize default sensitive attributes
this.defaultSensitiveAttributes = [...Logger.DEFAULT_SENSITIVE_ATTRIBUTES];

// Handle custom sensitive attributes
if (options.overrideSensitiveAttributes) {
this.defaultSensitiveAttributes = options.overrideSensitiveAttributes;
} else if (options.additionalSensitiveAttributes) {
this.defaultSensitiveAttributes = [...this.defaultSensitiveAttributes, ...options.additionalSensitiveAttributes];
}
}

getLogLevel(level: Level): number {
Expand All @@ -79,18 +106,6 @@ class Logger {
}

try {
// Default sensitive attributes
const defaultSensitiveAttributes: StringArray = [
"password",
"userid",
"token",
"secret",
"key",
"x-api-key",
"bearer",
"authorization",
];

const arrayToLowerCase = (array: StringArray): StringArray => {
if (Array.isArray(array)) {
return array.filter((el) => typeof el === "string").map((el) => el.toLowerCase());
Expand All @@ -99,7 +114,7 @@ class Logger {
};

// Merge default sensitive attributes with custom ones
const attributesToMask = new Set([...defaultSensitiveAttributes, ...arrayToLowerCase(sensitiveAttributes)]);
const attributesToMask = new Set([...this.defaultSensitiveAttributes, ...arrayToLowerCase(sensitiveAttributes)]);

// Mask sensitive attributes, remove null
const maskSensitiveAttributes = (key: string, value: JSONValue): JSONValue | string | undefined => {
Expand Down Expand Up @@ -243,7 +258,7 @@ class Logger {
default:
break;
}
} catch {}
} catch { }
}

info(
Expand Down Expand Up @@ -363,6 +378,12 @@ class Logger {
return false; // Parsing failed, so it's not JSON
}
}

resetSensitiveAttributes(): void {
this.defaultSensitiveAttributes = [...Logger.DEFAULT_SENSITIVE_ATTRIBUTES];
// Clear any custom sensitive attributes that were added through log methods
this.log("info", "Sensitive attributes have been reset to defaults", {}, {}, []);
}
}

export { Logger };
Loading