chore: Tests to ensure redaction does not leak back to original data (#…

…86)
elastic · Mar 7, 2024 · fde45c1 · fde45c1
1 parent af8ff61
commit fde45c1
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 1 deletion.
diff --git a/test/unit/errors.test.ts b/test/unit/errors.test.ts
@@ -187,4 +187,13 @@ test('redaction does not transform array properties into objects', t => {
 
   t.equal(Array.isArray(errResponse.body.error.root_cause), true)
   t.end()
-})
+})
+
+test('redaction does leak back to original object', t => {
+  const diags = makeDiagnostics()
+  diags.forEach(diag => {
+    const err = new errors.TimeoutError('timeout', diag)
+    t.not(err?.meta?.headers?.authorization, diag.headers?.authorization)
+  })
+  t.end()
+})
diff --git a/test/unit/transport.test.ts b/test/unit/transport.test.ts
@@ -2138,3 +2138,40 @@ test('Error additional key redaction', async t => {
   }
   server.stop()
 })
+
+test('redaction does not get leaked to original object', async t => {
+  t.plan(1)
+  function handler (_req: http.IncomingMessage, res: http.ServerResponse) {
+    setTimeout(() => res.end('ok'), 100)
+  }
+  const [{ port }, server] = await buildServer(handler)
+
+  const pool = new WeightedConnectionPool({ Connection: UndiciConnection })
+  pool.addConnection(`http://localhost:${port}`)
+
+  const transport = new Transport({
+    connectionPool: pool,
+    requestTimeout: 50,
+  })
+
+  const original = {
+    meta: true,
+    headers: {
+      authorization: '**-the--secret--code-**'
+    }
+  }
+
+  try {
+    await transport.request({
+      path: '/hello',
+      method: 'GET'
+    }, original)
+  } catch (err: any) {
+    if (err instanceof TimeoutError) {
+      t.match(original.headers.authorization, '**-the--secret--code-**')
+    } else {
+      t.fail(`should not be called, got error: ${err}`)
+    }
+  }
+  server.stop()
+})