Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(HTTP Request Node): Sanitize authorization headers #10607

Merged
merged 4 commits into from
Aug 29, 2024
Merged

fix(HTTP Request Node): Sanitize authorization headers #10607

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f4665c8
Redact authorization headers
ShireenMissi Aug 29, 2024
dbbfdaf
Add one more tests
ShireenMissi Aug 29, 2024
34bda8b
Remove comment
ShireenMissi Aug 29, 2024
5b4f1b5
Redact more header keys
ShireenMissi Aug 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,14 @@ export function sanitizeUiMessage(
),
};
}

//redact headers with Base64 encoded credentials
ShireenMissi marked this conversation as resolved.
Show resolved Hide resolved
const headers = sendRequest.headers as IDataObject;
if (headers) {
const headerKey = Object.keys(headers).find((key) => key.toLowerCase() === 'authorization');
if (headerKey) {
headers[headerKey] = REDACTED;
}
}
ShireenMissi marked this conversation as resolved.
Show resolved Hide resolved
if (secrets && secrets.length > 0) {
return redact(sendRequest, secrets);
}
Expand Down
50 changes: 50 additions & 0 deletions packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,5 +136,55 @@ describe('HTTP Node Utils', () => {
uri: 'https://example.com',
});
});
it('should redact the Authorization header', () => {
const requestOptions: IRequestOptions = {
method: 'POST',
uri: 'https://example.com',
body: { sessionToken: 'secret', other: 'foo' },
headers: { authorization: 'Bearer some-sensitive-token', other: 'foo' },
ShireenMissi marked this conversation as resolved.
Show resolved Hide resolved
auth: { user: 'user', password: 'secret' },
};
const authDataKeys = {};
const sanitizedRequest = sanitizeUiMessage(requestOptions, authDataKeys);

expect(sanitizedRequest.headers).toEqual({ authorization: REDACTED, other: 'foo' });
});

it('should redact the Authorization header when the key starts with an uppercase letter', () => {
const requestOptions: IRequestOptions = {
method: 'POST',
uri: 'https://example.com',
body: { sessionToken: 'secret', other: 'foo' },
headers: { Authorization: 'Basic another-sensitive-token', other: 'foo' },
auth: { user: 'user', password: 'secret' },
};
const authDataKeys = {};
const sanitizedRequest = sanitizeUiMessage(requestOptions, authDataKeys);

expect(sanitizedRequest.headers).toEqual({ Authorization: REDACTED, other: 'foo' });
});

it('should leave headers unchanged if Authorization header is not present', () => {
const requestOptions: IRequestOptions = {
method: 'POST',
uri: 'https://example.com',
body: { sessionToken: 'secret', other: 'foo' },
headers: { other: 'foo' },
auth: { user: 'user', password: 'secret' },
};
const authDataKeys = {};
const sanitizedRequest = sanitizeUiMessage(requestOptions, authDataKeys);

expect(sanitizedRequest.headers).toEqual({ other: 'foo' });
});

it('should handle case when headers are undefined', () => {
const requestOptions: IRequestOptions = {};

const authDataKeys = {};
const sanitizedRequest = sanitizeUiMessage(requestOptions, authDataKeys);

expect(sanitizedRequest.headers).toBeUndefined();
});
});
});
Loading