Skip to content

Commit

Permalink
Add additional tests to ensure redaction does not leak
Browse files Browse the repository at this point in the history
  • Loading branch information
JoshMock committed Mar 7, 2024
1 parent af8ff61 commit a0136dc
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 1 deletion.
11 changes: 10 additions & 1 deletion test/unit/errors.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -187,4 +187,13 @@ test('redaction does not transform array properties into objects', t => {

t.equal(Array.isArray(errResponse.body.error.root_cause), true)
t.end()
})
})

test('redaction does leak back to original object', t => {
const diags = makeDiagnostics()
diags.forEach(diag => {
const err = new errors.TimeoutError('timeout', diag)
t.not(err?.meta?.headers?.authorization, diag.headers?.authorization)
})
t.end()
})
37 changes: 37 additions & 0 deletions test/unit/transport.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2138,3 +2138,40 @@ test('Error additional key redaction', async t => {
}
server.stop()
})

test('redaction does not get leaked to original object', async t => {
t.plan(1)
function handler (_req: http.IncomingMessage, res: http.ServerResponse) {
setTimeout(() => res.end('ok'), 100)
}
const [{ port }, server] = await buildServer(handler)

const pool = new WeightedConnectionPool({ Connection: UndiciConnection })
pool.addConnection(`http://localhost:${port}`)

const transport = new Transport({
connectionPool: pool,
requestTimeout: 50,
})

const original = {
meta: true,
headers: {
authorization: '**-the--secret--code-**'
}
}

try {
await transport.request({
path: '/hello',
method: 'GET'
}, original)
} catch (err: any) {
if (err instanceof TimeoutError) {
t.match(original.headers.authorization, '**-the--secret--code-**')
} else {
t.fail(`should not be called, got error: ${err}`)
}
}
server.stop()
})

0 comments on commit a0136dc

Please sign in to comment.