cf-nodejs-logging-support - npm Package Compare versions

Comparing version 6.9.0 to 6.10.0

162

config.js

@@ -1,3 +0,38 @@

var uuid = require("uuid/v4");
const { v4: uuid } = require('uuid');
/* FIELD CONFIGURATION
*
* Config description:
*
* name: The name of the field in log output
* mandatory: If true: Use default value OR fallback function result if value is null. If false: omit field, if value is null.
* core: If true: Add field also to message logs
* envVarRedact: If set:
* Only log this field, if specified environment variable is set to "true".
* If specified environment variable is not set to "true" or not present, field gets omitted. This is also affects
* fields marked as mandatory.
* envVarRedact: If set:
* Only log this field, if specified environment variable is set to "true".
* If specified environment variable is not set to "true" or not present, field gets set to "redacted" if it is not
* set to its default value or null.
* source: Source of the field value.
* type: One of
* "static": use value from value field.
* "env": read value from environment variable.
* "nested-env": read value from environment variable with json object. Select variable and field by specifying a path.
* "self": copy value from another configured field.
* "header": read value from request/response header.
* "field": read value from request/response object.
* "time": intended to be used for time/duration calculations.
* calls method pre(req, res, logObject) when a request arrives. The log field gets set to the returned value.
* calls method post(req, res, logObject) when the response got sent. The log field gets set to the returned value.
* "special": calls the fallback(req, res, logObject) directly and sets the log field to the returned value.
* name: Key name for "env", "self", "header" and "field" sources.
* path: Path for "nested-env" source.
* value: Value for "static" source.
* parent: Parent for "header" and "field" source: Can be "req" to access the request and "res" to access the response.
* pre: Define a pre(req, res, logObject) function for time source.
* post: Define a post(req, res, logObject) function for time source.
*/
var config = [

@@ -178,3 +213,3 @@ {

mandatory: true,
envVarSwitch: "LOG_SENSITIVE_CONNECTION_DATA",
envVarRedact: "LOG_SENSITIVE_CONNECTION_DATA",
source: {

@@ -189,3 +224,3 @@ type: "special"

mandatory: true,
envVarSwitch: "LOG_SENSITIVE_CONNECTION_DATA",
envVarRedact : "LOG_SENSITIVE_CONNECTION_DATA",
source: {

@@ -200,3 +235,3 @@ type: "special"

mandatory: true,
envVarSwitch: "LOG_REMOTE_USER",
envVarRedact: "LOG_REMOTE_USER",
source: {

@@ -215,14 +250,5 @@ type: "header",

}, {
name: "x_forwarded_for",
mandatory: true,
envVarSwitch: "LOG_SENSITIVE_CONNECTION_DATA",
source: {
type: "header",
name: "x-forwarded-for"
},
default: ""
}, {
name: "remote_ip",
mandatory: false,
envVarSwitch: "LOG_SENSITIVE_CONNECTION_DATA",
envVarRedact: "LOG_SENSITIVE_CONNECTION_DATA",
source: {

@@ -272,3 +298,3 @@ type: "self",

mandatory: true,
envVarSwitch: "LOG_REFERER",
envVarRedact: "LOG_REFERER",
source: {

@@ -304,2 +330,106 @@ type: "header",

default: "-"
}, {
name: "x_forwarded_for",
mandatory: false,
envVarRedact: "LOG_SENSITIVE_CONNECTION_DATA",
source: {
type: "header",
name: "x-forwarded-for"
}
}, {
name: "x_custom_host",
mandatory: false,
envVarRedact: "LOG_SENSITIVE_CONNECTION_DATA",
source: {
type: "header",
name: "x-custom-host"
}
}, {
name: "x_forwarded_host",
mandatory: false,
envVarRedact: "LOG_SENSITIVE_CONNECTION_DATA",
source: {
type: "header",
name: "x-forwarded-host"
}
}, {
name: "x_forwarded_proto",
mandatory: false,
envVarRedact: "LOG_SENSITIVE_CONNECTION_DATA",
source: {
type: "header",
name: "x-forwarded-proto"
}
}, {
name: "x_ssl_client",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client"
},
default: "-"
}, {
name: "x_ssl_client_verify",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client-verify"
},
default: "-"
}, {
name: "x_ssl_client_subject_dn",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client-subject-dn"
},
default: "-"
}, {
name: "x_ssl_client_subject_cn",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client-subject-cn"
},
default: "-"
}, {
name: "x_ssl_client_issuer_dn",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client-issuer-dn"
},
default: "-"
}, {
name: "x_ssl_client_notbefore",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client-notbefore"
},
default: "-"
}, {
name: "x_ssl_client_notafter",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client-notafter"
},
default: "-"
}, {
name: "x_ssl_client_session_id",
mandatory: true,
envVarSwitch: "LOG_SSL_HEADERS",
source: {
type: "header",
name: "x-ssl-client-session-id"
},
default: "-"
}

@@ -309,2 +439,2 @@ ];

exports.config = config;
exports.config = config;
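Review bot: The field-configuration comment at the top of config.js describes `envVarRedact` twice; the first entry, which says the field gets omitted when the variable is not "true", is the `envVarSwitch` behaviour that entries such as `envVarSwitch: "LOG_SSL_HEADERS"` later in this file rely on, so that label should read `envVarSwitch: If set:`. This comment is the only specification of the two opt-in mechanisms (omit vs. replace with "redacted"), so a maintainer adding another sensitive header has nothing else to decide which one to use. The second hunk also writes `envVarRedact : "LOG_SENSITIVE_CONNECTION_DATA"` with a stray space before the colon, unlike every sibling entry; `envVarRedact: "LOG_SENSITIVE_CONNECTION_DATA",` keeps the entries uniform.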

21

core/log-core.js
const util = require("util");
const os = require("os");
const uuid = require("uuid/v4");
const { v4: uuid } = require('uuid');
const jwt = require("jsonwebtoken");

@@ -92,3 +92,3 @@ const stringifySafe = require('json-stringify-safe');

//Reading bindings from context
var boundServices = JSONparseSave(process.env.VCAP_SERVICES);
var boundServices = parseJSONSafe(process.env.VCAP_SERVICES);
if(boundServices["application-logs"]) {

@@ -103,3 +103,3 @@ cfCustomEnabled = true;

var JSONparseSave = function (value) {
var parseJSONSafe = function (value) {
var tmp = {};

@@ -120,3 +120,3 @@ if(value)

// Seperate core configuration (processed once, included in network and message logs) and
// Separate core configuration (processed once, included in network and message logs) and
// pre and post configuration (processed before and after request handling)

@@ -133,3 +133,3 @@ var precompileConfig = function (config) {

// Check if config field needs a set env var to be enabled. If specified env var does not exist, the resulting log field will be replaced by REDUCED_PLACEHOLDER
// Check if config field needs a set env var to be enabled. If specified env var does not exist the log field gets omitted.
if (obj.envVarSwitch != null) {

@@ -139,2 +139,11 @@ var val = process.env[obj.envVarSwitch];

if (!pass) {
continue;
}
}
// Check if config field needs a set env var to be written as is. If specified env var does not exist the resulting log field will set to REDUCED_PLACEHOLDER.
if (obj.envVarRedact != null) {
var val = process.env[obj.envVarRedact];
var pass = (val == "true" || val == "True" || val == "TRUE");
if (!pass) {
obj.reduce = true;

@@ -424,3 +433,3 @@ }

//
// With addtional numeric value
// With additional numeric value
// logMessage("info", "Listening on port %d", 5000); >> ... "msg":"Listening on port 5000" ...

@@ -427,0 +436,0 @@ //
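Review bot: The new `envVarRedact` block in precompileConfig repeats the `val == "true" || val == "True" || val == "TRUE"` comparison from the `envVarSwitch` branch directly above it and re-declares `val` and `pass` with `var` in the same function scope, so the two opt-in checks can silently drift apart. A small helper keeps them identical, e.g. `var isEnabled = function (val) { return val == "true" || val == "True" || val == "TRUE"; };` and then `if (!isEnabled(process.env[obj.envVarRedact])) { obj.reduce = true;`. Setting `obj.reduce = true` when the variable is absent is the right fail-closed direction and worth stating in the comment above the block, since it is the property that keeps unconfigured deployments from emitting the sensitive fields. precompileConfig begins before this hunk, so I could not confirm how `pass` from the first check is used after the added lines.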

@@ -10,16 +10,38 @@ ---

# Sensitive data redaction
Version 3.0.0 and above implement a sensitive data redaction system which disables logging of sensitive fields.
These fields will contain 'redacted' instead of the original content.
Following fields are *redacted* by default: `remote_ip`, `remote_host`, `remote_port`, `x_forwarded_for`, `remote_user` and `referer`.
Version 3.0.0 and above implement a sensitive data redaction system which disables logging of sensitive fields.
These fields will contain 'redacted' instead of the original content or are omitted.
Following fields are *redacted* by default:
- `remote_ip`
- `remote_host`
- `remote_port`
- `x_forwarded_for`
- `x_forwarded_host`
- `x_forwarded_proto`
- `x_custom_host`
- `remote_user`
- `referer`
Following fields are *omitted* by default:
- `x_ssl_client`
- `x_ssl_client_verify`
- `x_ssl_client_subject_dn`
- `x_ssl_client_subject_cn`
- `x_ssl_client_issuer_dn`
- `x_ssl_client_notbefore`
- `x_ssl_client_notafter`
- `x_ssl_client_session_id`
In order to activate usual logging for all or some of these fields you have to set specific environment variables:
| Environment Variable | Optional fields |
|-------------------------------------------|---------------------------------------------------------------------------|
| ```LOG_SENSITIVE_CONNECTION_DATA: true``` | activates the fields remote_ip, remote_host, remote_port, x_forwarded_for |
| ```LOG_REMOTE_USER: true``` | activates the field remote_user |
| ```LOG_REFERER: true``` | activates the field referer |
| Environment Variable | Optional fields |
|-------------------------------------------|------------------------------------------------------------------------------------------------------|
| ```LOG_SENSITIVE_CONNECTION_DATA: true``` | activates the fields `remote_ip`, `remote_host`, `remote_port`, `x_forwarded_*` and `x_custom_host` |
| ```LOG_REMOTE_USER: true``` | activates the field `remote_user` |
| ```LOG_REFERER: true``` | activates the field `referer` |
| ```LOG_SSL_HEADERS: true``` | activates the ssl header fields `x_ssl_*` |
This behavior matches with the corresponding mechanism in the [CF Java Logging Support](https://github.com/SAP/cf-java-logging-support/wiki/Overview#logging-sensitive-user-data) library.
This behavior matches with the corresponding mechanism in the [CF Java Logging Support](https://github.com/SAP/cf-java-logging-support/wiki/Overview#logging-sensitive-user-data) library.

@@ -14,3 +14,3 @@ // Log network activity for express applications

//rendering the given arguments failsave against missing fields
//rendering the given arguments failsafe against missing fields
if (req.connection == null) {

@@ -17,0 +17,0 @@ req.connection = {};

@@ -14,3 +14,3 @@ // Log network activity for express applications

//rendering the given arguments failsave against missing fields
//rendering the given arguments failsafe against missing fields
if (typeof req.header != "function") {

@@ -17,0 +17,0 @@ req.header = function () {

@@ -15,3 +15,3 @@ // Log network activity for express applications

//rendering the given arguments failsave against missing fields
//rendering the given arguments failsafe against missing fields
if (req.connection == null) {

@@ -18,0 +18,0 @@ req.connection = {};

@@ -11,5 +11,7 @@ // Log network activity for restify applications

var logNetwork = function (req, res, next) {
var logSent = false;
var logObject = core.initRequestLog();
//rendering the given arguments failsave against missing fields
//rendering the given arguments failsafe against missing fields
if (typeof req.header != "function") {

@@ -32,3 +34,2 @@ req.header = function () {

var fallbacks = [];

@@ -79,3 +80,2 @@ var selfReferences = [];

var token = req.header(core.getDynLogLevelHeaderName());

@@ -86,49 +86,52 @@ core.bindDynLogLevel(token, req.logger);

if (!logSent) {
var postConfig = core.getPostLogConfig();
var fallbacks = [];
var selfReferences = [];
for (var i = 0; i < postConfig.length; i++) {
configEntry = postConfig[i];
var postConfig = core.getPostLogConfig();
var fallbacks = [];
var selfReferences = [];
for (var i = 0; i < postConfig.length; i++) {
configEntry = postConfig[i];
switch (configEntry.source.type) {
case "header":
logObject[configEntry.name] = res.get(configEntry.source.name);
break;
case "field":
logObject[configEntry.name] = res[configEntry.source.name];
break;
case "self":
selfReferences[configEntry.name] = configEntry.source.name;
break;
case "time":
logObject[configEntry.name] = configEntry.source.post(req, res, logObject);
break;
case "special":
fallbacks[configEntry.name] = configEntry.fallback;
break;
}
switch (configEntry.source.type) {
case "header":
logObject[configEntry.name] = res.get(configEntry.source.name);
break;
case "field":
logObject[configEntry.name] = res[configEntry.source.name];
break;
case "self":
selfReferences[configEntry.name] = configEntry.source.name;
break;
case "time":
logObject[configEntry.name] = configEntry.source.post(req, res, logObject);
break;
case "special":
fallbacks[configEntry.name] = configEntry.fallback;
break;
core.handleConfigDefaults(configEntry, logObject, fallbacks);
}
core.handleConfigDefaults(configEntry, logObject, fallbacks);
}
for (var kFallback in fallbacks) {
logObject[kFallback] = fallbacks[kFallback](req, res, logObject);
}
for (var kFallback in fallbacks) {
logObject[kFallback] = fallbacks[kFallback](req, res, logObject);
}
for (var kSelfReference in selfReferences) {
logObject[kSelfReference] = logObject[selfReferences[kSelfReference]];
}
for (var kSelfReference in selfReferences) {
logObject[kSelfReference] = logObject[selfReferences[kSelfReference]];
}
// write custom fields (from context and global context)
core.writeCustomFields(logObject, req.logger, {});
// write custom fields (from context and global context)
core.writeCustomFields(logObject, req.logger, {});
//override values with predefined values
core.writeStaticFields(logObject);
//override values with predefined values
core.writeStaticFields(logObject);
// Replace all set fields, which are marked to be reduced, with a placeholder (defined in log-core.js)
core.reduceFields(postConfig, logObject);
// Replace all set fields, which are marked to be reduced, with a placeholder (defined in log-core.js)
core.reduceFields(postConfig, logObject);
if (core.checkLoggingLevel(logObject.level, req.logger))
core.sendLog(logObject);
if (core.checkLoggingLevel(logObject.level, req.logger))
core.sendLog(logObject);
logSent = true;
}
});

@@ -135,0 +138,0 @@
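Review bot: Inside the relocated `if (!logSent)` block, `configEntry = postConfig[i];` assigns to `configEntry` without a declaration; unless a `var configEntry` exists earlier in logNetwork (the function body starts above this hunk), this creates an implicit global shared by every request, and would throw a ReferenceError under strict mode. `var configEntry = postConfig[i];` inside the loop fixes it. The same block also uses `var fallbacks = [];` and `var selfReferences = [];` as string-keyed dictionaries that are later walked with `for...in`; plain objects (`{}`) express that intent and avoid iterating array prototype extensions. The enclosing logNetwork function starts and ends outside this hunk.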

{
"name": "cf-nodejs-logging-support",
"version": "6.9.0",
"version": "6.10.0",
"description": "Logging tool for Cloud Foundry",

@@ -18,2 +18,3 @@ "keywords": [

},
"homepage": "https://sap.github.io/cf-nodejs-logging-support/",
"main": "./index.js",

@@ -26,3 +27,3 @@ "engines": {

"jsonwebtoken": "^8.5.1",
"uuid": "^3.3.3"
"uuid": "^8.3.2"
},

@@ -29,0 +30,0 @@ "devDependencies": {
