Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add requestLogger middleware #70

Open
wants to merge 3 commits into
base: dev
Choose a base branch
from
Open

Add requestLogger middleware #70

wants to merge 3 commits into from

Conversation

tanuj-shardeum
Copy link

No description provided.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 9, 2024

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Performance Concern
The middleware captures and logs extensive details about each request and response, which might significantly impact performance, especially under high load. Consider adding a feature to dynamically enable/disable detailed logging or reduce the amount of logged information.

Error Handling
The middleware attempts to parse the response body as JSON without checking the content type, which could lead to unnecessary parsing errors or exceptions if the response is not in JSON format.

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 9, 2024
View reviewed changes
src/middlewares/requestLogger.ts
Comment on lines +50 to +57
`Request URL: ${req.originalUrl} ||` +
` Response Status Code: ${res.statusCode} ||` +
` Sender IP: ${senderIp} ||` +
` Request Timestamp: ${new Date(reqTime).toISOString()} ||` +
` Response Timestamp: ${new Date(resTime).toISOString()} ||` +
` Request Method: ${req.method} ||` +
` Response Time: ${resTime - reqTime}ms ||` +
` User Agent: ${userAgent}`

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
Loading
.
Log entry depends on a
user-provided value
Loading
.

Copilot Autofix AI 2 months ago

To fix the log injection issue, we need to sanitize the userAgent value before logging it. Specifically, we should remove any newline characters from the userAgent string to prevent log injection attacks. This can be done using the String.prototype.replace method to remove any newline characters (\n and \r).

Suggested changeset 1
src/middlewares/requestLogger.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/middlewares/requestLogger.ts b/src/middlewares/requestLogger.ts
--- a/src/middlewares/requestLogger.ts
+++ b/src/middlewares/requestLogger.ts
@@ -7,3 +7,4 @@
     const senderIp = req.ip
-    const userAgent = req.headers['user-agent'] || 'Unknown'
+    let userAgent = req.headers['user-agent'] || 'Unknown'
+    userAgent = userAgent.replace(/\n|\r/g, "")
 
EOF
@@ -7,3 +7,4 @@
const senderIp = req.ip
const userAgent = req.headers['user-agent'] || 'Unknown'
let userAgent = req.headers['user-agent'] || 'Unknown'
userAgent = userAgent.replace(/\n|\r/g, "")

Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arhamj arhamj Awaiting requested review from arhamj

@jintukumardas jintukumardas Awaiting requested review from jintukumardas

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Review effort [1-5]: 3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tanuj-shardeum