Merge pull request #505 from vtex/3.x-sensitive-fields

[3.x] Fix / Sensitive fields

Author: valentino-amadeus

CHANGELOG.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [3.77.7] - 2022-04-14
+
+### Fixed
+- Update sensitive fields.
+  - Remove "error".
+  - Add missing fields.
+- Fix cleanJson.
+  - Lowercase keys before comparison.
+
 ## [3.77.6] - 2022-03-08
 ### Fixed
 - Only remove cookie fields when removing sensitive data from logs.

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vtex/api",
-  "version": "3.77.6",
+  "version": "3.77.7",
   "description": "VTEX I/O API client",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",

src/utils/json.ts

@@ -2,7 +2,7 @@ export function cleanJson(json: {[k: string]: any}, targetFields: string[]) {
     for (const key of Object.keys(json)) {
         let deleted = false
         for (const field of targetFields) {
-            if (key === field) {
+            if (key.toLowerCase() === field) {
                 delete json[key]
                 deleted = true
             }

src/utils/log.ts

@@ -1,6 +1,19 @@
 import { cleanJson } from './json'
 
-const SENSITIVE_FIELDS = ['cookie', 'Cookie', 'vtexIdclientautcookie', 'error']
+const SENSITIVE_FIELDS = [
+    'auth',
+    'authorization',
+    'authtoken',
+    'cookie',
+    'proxy-athorization',
+    'rawheaders',
+    'token',
+    'vtexIdclientautcookie',
+    'x-vtex-api-appkey',
+    'x-vtex-api-apptoken',
+    'x-vtex-credential',
+    'x-vtex-session',
+]
 
 export const cleanLog = (log: {[k: string]: any}) => {
     return cleanJson(log, SENSITIVE_FIELDS)