@zenvia/logger
Advanced tools
Comparing version 1.6.1 to 1.6.2
{ | ||
"name": "@zenvia/logger", | ||
"version": "1.6.1", | ||
"version": "1.6.2", | ||
"description": "A wrapper for Winston Logging Node.js library that formats the output on STDOUT as Logstash JSON format.", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
@@ -13,21 +13,3 @@ /* eslint-disable prefer-rest-params */ | ||
const sanitizeInfo = (info) => { | ||
const sanitizeCRLFInjection = (str) => str | ||
.replace(/\n|\r/g, (x) => (x === '\n' ? '#n' : '#r')); | ||
Object.keys(info).forEach((key) => { | ||
if (typeof info[key] === 'string') { | ||
info[key] = sanitizeCRLFInjection(info[key]); | ||
return; | ||
} | ||
if (info[key] instanceof Function) { | ||
delete info[key]; | ||
} | ||
}); | ||
}; | ||
const customFormatJson = winston.format((info) => { | ||
sanitizeInfo(info); | ||
let stack; | ||
@@ -53,2 +35,8 @@ | ||
Object.keys(info).forEach((key) => { | ||
if (info[key] instanceof Function) { | ||
delete info[key]; | ||
} | ||
}); | ||
return info; | ||
@@ -55,0 +43,0 @@ }); |
@@ -73,2 +73,17 @@ const os = require('os'); | ||
it('should remove attributes that are log functions, leaving only the @timestamp, application, message and level fields', () => { | ||
logger.info('some message', { field1: () => {} }); | ||
const expectedOutput = { | ||
'@timestamp': '2018-06-05T18:20:42.345Z', | ||
'@version': 1, | ||
application: 'application-name', | ||
host: os.hostname(), | ||
message: 'some message', | ||
level: 'INFO', | ||
}; | ||
const actualOutput = stdMocks.flush().stdout[0]; | ||
JSON.parse(actualOutput).should.be.deep.equal(expectedOutput); | ||
}); | ||
it('should log @timestamp, application, message, level and environment fields', () => { | ||
@@ -245,46 +260,2 @@ process.env.NODE_ENV = 'test'; | ||
describe('Logging format', () => { | ||
it('should replace LF characters from log (POSIX systems)', () => { | ||
logger.debug(`some message | ||
other CRLF injection message`); | ||
const expectedOutput = { | ||
'@timestamp': '2018-06-05T18:20:42.345Z', | ||
'@version': 1, | ||
application: 'application-name', | ||
host: os.hostname(), | ||
message: 'some message#nother CRLF injection message', | ||
level: 'DEBUG', | ||
}; | ||
const actualOutput = stdMocks.flush().stdout[0]; | ||
JSON.parse(actualOutput).should.be.deep.equal(expectedOutput); | ||
logger.debug('some\n CRLF\n injection\n message'); | ||
const expectedOutput2 = { | ||
'@timestamp': '2018-06-05T18:20:42.345Z', | ||
'@version': 1, | ||
application: 'application-name', | ||
host: os.hostname(), | ||
message: 'some#n CRLF#n injection#n message', | ||
level: 'DEBUG', | ||
}; | ||
const actualOutput2 = stdMocks.flush().stdout[0]; | ||
JSON.parse(actualOutput2).should.be.deep.equal(expectedOutput2); | ||
}); | ||
it('should replace CRLF characters from log (Windows systems)', () => { | ||
logger.debug('some\r\n CRLF\r\n injection\r\n message'); | ||
const expectedOutput = { | ||
'@timestamp': '2018-06-05T18:20:42.345Z', | ||
'@version': 1, | ||
application: 'application-name', | ||
host: os.hostname(), | ||
message: 'some#r#n CRLF#r#n injection#r#n message', | ||
level: 'DEBUG', | ||
}; | ||
const actualOutput = stdMocks.flush().stdout[0]; | ||
JSON.parse(actualOutput).should.be.deep.equal(expectedOutput); | ||
}); | ||
it('should get not format when LOGGING_FORMATTER_DISABLED environment is true', () => { | ||
@@ -291,0 +262,0 @@ delete require.cache[require.resolve('../../src/lib/logger')]; |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
32552
538
43