fix: TRAC-33-crash-if-LUMIGO_SECRET_MASKING_REGEX-has-invalid-regex-e…

…xp (#517) * fix: keyToRegexes()
lumigo-io · Oct 7, 2024 · f83458f · f83458f
1 parent 58e1104
commit f83458f
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 10 deletions.
diff --git a/src/utils/payloadStringify.js b/src/utils/payloadStringify.js
@@ -32,18 +32,26 @@ const keyToRegexes = (
   backwardCompRegexEnvVarName = LUMIGO_SECRET_MASKING_REGEX_BACKWARD_COMP,
   regexesEnvVarName = LUMIGO_SECRET_MASKING_REGEX
 ) => {
-  if (process.env[backwardCompRegexEnvVarName]) {
-    const parseResponse = parseJsonFromEnvVar(backwardCompRegexEnvVarName, true);
-    if (parseResponse) {
-      regexesList = parseResponse;
-    }
-  } else if (process.env[regexesEnvVarName]) {
-    const parseResponse = parseJsonFromEnvVar(regexesEnvVarName, true);
-    if (parseResponse) {
-      regexesList = parseResponse;
+  const fallbackRegexesList = regexesList;
+
+  const tryParseEnvVar = (envVarName) => {
+    if (process.env[envVarName]) {
+      return parseJsonFromEnvVar(envVarName, true);
     }
+    return null;
+  };
+
+  // Try parsing backward compatibility or main environment variables
+  const regexes =
+    tryParseEnvVar(backwardCompRegexEnvVarName) || tryParseEnvVar(regexesEnvVarName) || regexesList;
+
+  try {
+    return regexes.map((x) => new RegExp(x, 'i'));
+  } catch (e) {
+    invalidMaskingRegexWarning(e);
+    logger.warn('Fallback to default regexes list', { fallbackRegexesList });
+    return fallbackRegexesList.map((x) => new RegExp(x, 'i'));
   }
-  return regexesList.map((x) => new RegExp(x, 'i'));
 };
 
 export const keyToOmitRegexes = () => {

diff --git a/src/utils/payloadStringify.test.js b/src/utils/payloadStringify.test.js
@@ -333,6 +333,21 @@ describe('payloadStringify', () => {
     ]);
   });
 
+  test('shallowMask -> requestBody -> LUMIGO_SECRET_MASKING_REGEX -> bad regex', () => {
+    utils.setDebug();
+    process.env[LUMIGO_SECRET_MASKING_REGEX] = '["a(a"]';
+    expect(shallowMask('requestBody', { a: 'b', aa: 'bla' })).toEqual({ a: 'b', aa: 'bla' });
+
+    expect(ConsoleWritesForTesting.getLogs()).toEqual([
+      expect.objectContaining({
+        msg: '#LUMIGO# - WARNING - "Failed to parse the given masking regex"',
+      }),
+      expect.objectContaining({
+        msg: '#LUMIGO# - WARNING - "Fallback to default regexes list"',
+      }),
+    ]);
+  });
+
   test.each`
     envVarValue                                                                | event                                                                                                                                                                                                                                                                                                                                                                                                                          | expectedResults
     ${['["object.foo"]']}                                                      | ${[{ secret: { key: 'value' } }, { object: { foo: 'value' } }]}                                                                                                                                                                                                                                                                                                                                                                | ${JSON.stringify([{ secret: '****' }, { object: { foo: '****' } }])}