feat(filters): filter set-cookie headers (#485)

elastic · Aug 9, 2018 · f341bd3 · f341bd3
1 parent 52b9d52
commit f341bd3
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 0 deletions.
diff --git a/lib/filters.js b/lib/filters.js
@@ -2,6 +2,7 @@
 
 var cookie = require('cookie')
 var redact = require('redact-secrets')('[REDACTED]')
+var SetCookie = require('set-cookie-serde')
 
 var REDACTED = '[REDACTED]'
 
@@ -32,6 +33,12 @@ Filters.prototype.process = function (payload) {
   return result
 }
 
+function stringify (value) {
+  return Array.isArray(value)
+    ? value.map(value => value.toString())
+    : value.toString()
+}
+
 function httpHeaders (payload) {
   var arr = payload.transactions || payload.errors
 
@@ -51,6 +58,17 @@ function httpHeaders (payload) {
         .map(function (k) { return k + '=' + cookies[k] })
         .join('; ')
     }
+
+    if (typeof headers['set-cookie'] !== 'undefined') {
+      try {
+        var setCookies = new SetCookie(headers['set-cookie'])
+        redact.forEach(setCookies)
+        headers['set-cookie'] = stringify(setCookies)
+      } catch (err) {
+        // Ignore error
+        headers['set-cookie'] = '[malformed set-cookie header]'
+      }
+    }
   })
 
   return payload

diff --git a/package.json b/package.json
@@ -84,6 +84,7 @@
     "require-ancestors": "^1.0.0",
     "require-in-the-middle": "^3.1.0",
     "semver": "^5.5.0",
+    "set-cookie-serde": "^1.0.0",
     "sql-summary": "^1.0.1",
     "stackman": "^3.0.2",
     "unicode-byte-truncate": "^1.0.0",

diff --git a/test/filters.js b/test/filters.js
@@ -0,0 +1,48 @@
+'use strict'
+
+var test = require('tape')
+
+var Filters = require('../lib/filters')
+
+function makeTransactionWithHeaders (headers) {
+  return {
+    context: {
+      request: {
+        headers
+      }
+    }
+  }
+}
+
+function getHeaders (result) {
+  try {
+    return result.transactions[0].context.request.headers
+  } catch (err) {}
+}
+
+test('set-cookie', function (t) {
+  const filters = new Filters()
+  filters.config({
+    filterHttpHeaders: true
+  })
+
+  const result = filters.process({
+    transactions: [
+      makeTransactionWithHeaders({
+        'set-cookie': [
+          'password=this-is-a-password',
+          'card=1234%205678%201234%205678; Secure'
+        ]
+      })
+    ]
+  })
+
+  t.deepEqual(getHeaders(result), {
+    'set-cookie': [
+      'password=%5BREDACTED%5D',
+      'card=%5BREDACTED%5D; Secure'
+    ]
+  })
+
+  t.end()
+})