SF-3437 Mask HTTP Authorization Header

Lucas Thomas · Lucas Thomas · commit 4e966aed37ea · 2015-09-16T10:32:08.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,4 @@
 node_modules
-npm-debug.log
+npm-debug.log
+.idea
+*.iml
diff --git a/lib/error.js b/lib/error.js
@@ -10,7 +10,7 @@ var url        = require('url'),
 
 module.exports = {
     /**
-    * Check for duplicate error messages. If the same error message logged more than configurated limit in one minute
+    * Check for duplicate error messages. If the same error message logged more than configured limit in one minute
     * don't push it to the queue
     */
     checkErrorLimitMessage : function checkErrorLimitMessage(ex) {
@@ -46,7 +46,7 @@ module.exports = {
             result = {},
             lastElement = trace[trace.length - 1];
 
-        if (not_direct && !exc.excCaught) {
+        if (not_direct) {
             if (lastElement.CodeFileName === 'module.js') {
                 result.SrcMethod = trace[trace.length - 2].Method;
                 result.SrcLine = trace[trace.length - 2].LineNum;                    
@@ -103,9 +103,12 @@ module.exports = {
                 PostData: helpers.getPostData(req)
             };
 
-            if (req.headers.cookie) {
-                ex.WebRequestDetail.Headers.cookie = CONFIG.COOKIE_MASK;
-            }
+            // mask certain headers so data is not sent to Stackify
+            ["cookie", "authorization"].forEach(function(elm){
+                if (req.headers[elm]) {
+                    ex.WebRequestDetail.Headers[elm] = CONFIG.COOKIE_MASK;
+                }
+            });
         }
 
         return ex;
diff --git a/lib/helpers.js b/lib/helpers.js
@@ -2,7 +2,6 @@ var stackTrace = require('stack-trace'),
 
     path       = require('path'),
     os         = require('os'),
-    qs         = require('querystring'),
 
     CONFIG     = require('../config/config');
 
@@ -185,25 +184,4 @@ module.exports.getHeaders = function getHeaders() {
         'X-Stackify-Key': CONFIG.APIKEY,
         'X-Stackify-PV': CONFIG.X_STACKIFY_PV
     };
-};
-/*
-*** Function for getting post data from the request
-*/
-module.exports.getPostData = function getPostData (req) {
-    return (function() {
-        if (request.method == 'POST') {
-            var body = '';
-            request.on('data', function (data) {
-                body += data;
-
-                // Too much POST data, kill the connection!
-                if (body.length > 1e6)
-                    request.connection.destroy();
-            });
-            request.on('end', function () {
-                var json = qs.parse(body);
-                req.body = json;
-            });
-        }
-    }());
-};
+};
