|
|
||
| if (this.isCreateUserRequest(request.method, request.originalUrl)) { | ||
| this.logger.warn( | ||
| `400 Request Body: ${JSON.stringify(sanitizeForLogging(request.body))}`, |
[correctness]
Consider handling potential JSON serialization errors when logging the request body. If request.body contains circular references or non-serializable values, JSON.stringify will throw an error.
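Review bot: This `warn` line writes the whole create-user body to the log with no length cap, and the redaction appears to work by field name only. `REDACTED` and `normalizeKey` elsewhere in this change suggest key-name matching; if that is right, values in fields the sanitizer does not list (e-mail address, phone number, free text) are logged as-is. Consider truncating the serialized string to a fixed maximum and adding a comment such as `// Redaction is by key name only; values of unlisted fields are logged verbatim.` so the limitation is visible at the call site. The same applies to the `debug` line guarded by `shouldLogCreateUserBody`. The enclosing method starts and ends outside the quoted lines.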
| if (typeof responseMessage === 'string') { | ||
| return responseMessage; | ||
| } | ||
| return JSON.stringify(sanitizeForLogging(responseMessage)); |
[❗❗ security]
Ensure that sanitizeForLogging is robust against all types of input, especially since it is used to sanitize potentially sensitive data before logging. If responseMessage contains complex structures, ensure that the sanitizer handles them appropriately.
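Review bot: The `typeof responseMessage === 'string'` branch returns the message untouched, so only non-string messages pass through `sanitizeForLogging`. A string message that echoes submitted input (a validation error quoting a rejected value, for instance) would reach the log unredacted, and if the logger does not escape control characters, embedded line breaks could split one entry into several. If this return value is used only for logging (the function starts outside the quoted lines, so that is an assumption), consider neutralising line breaks and capping length in the string branch, e.g. `return responseMessage.replace(/[\r\n]+/g, ' ').slice(0, MAX_LOGGED_MESSAGE_CHARS);`, where `MAX_LOGGED_MESSAGE_CHARS` is a placeholder name for a limit the project would choose.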
|
|
||
| if (this.shouldLogCreateUserBody(method, originalUrl)) { | ||
| this.logger.debug( | ||
| `---> Request Body: ${JSON.stringify(sanitizeForLogging(req.body))}`, |
[correctness]
Consider handling potential errors from JSON.stringify when logging the request body. If req.body contains circular references, JSON.stringify will throw an error, which could disrupt the logging process.
| return false; | ||
| } | ||
|
|
||
| const pathOnly = originalUrl.split('?')[0]; |
[correctness]
The use of originalUrl.split('?')[0] to extract the path might not handle edge cases where the URL contains encoded characters or unusual structures. Consider using a more robust URL parsing method to ensure accuracy.
| const REDACTED = '[REDACTED]'; | ||
|
|
||
| function normalizeKey(key: string): string { | ||
| return key.toLowerCase().replace(/[^a-z0-9]/g, ''); |
[correctness]
The normalizeKey function replaces all non-alphanumeric characters with an empty string. Consider whether this might lead to unintended key collisions, especially if keys differ only by special characters.
| ); | ||
| } | ||
|
|
||
| function sanitizeValue(value: unknown, seen: WeakSet<object>): unknown { |
[correctness]
The sanitizeValue function uses a WeakSet to track seen objects and prevent circular references. Ensure that all potential object types that might be logged are compatible with WeakSet, as it only accepts objects as keys.
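Review bot: `seen` guards against cycles, but nothing in the visible signature bounds how deep or how wide the traversal goes; the body lies outside the quoted lines, so this may already be handled there. Since the values being sanitized come from request bodies, a deeply nested or very large payload could make the logging path expensive, or overflow the stack if the function recurses. If no limit exists, a depth parameter such as `depth = 0` with `if (depth > MAX_SANITIZE_DEPTH) return '[Truncated]';` would bound it; both the constant name and the marker string are placeholders. A short doc comment stating what is returned for an already-seen object would also help confirm that shared, non-circular references are not dropped.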
| return value; | ||
| } | ||
|
|
||
| if (Buffer.isBuffer(value)) { |
[correctness]
The check for Buffer.isBuffer(value) assumes that the environment supports Node.js Buffers. If this code is intended to run in environments where Buffers are not available, consider adding a check for Buffer existence.
No description provided.