slackapi / node-slack-sdk

Slack Developer Kit for Node.js
https://slack.dev/node-slack-sdk
MIT License
3.27k stars 661 forks

socket-mode(fix): redact ephemeral tokens and secrets from debug logs #1832

Open zimeg opened 3 months ago

zimeg commented 3 months ago

Summary

This PR replaces values that should be redacted in debug logs - such as the ephemeral bot_access_token used in custom functions and interactor.secret - with [[REDACTED]].

Preview

Example output differences are found towards the end:

- [DEBUG]  socket-mode:SocketModeClient:0 Received a message on the WebSocket: {"envelope_id":"15726246-7de2-491a-95ed-09ba986b1c6b","payload":{"type":"block_actions","team":{"id":"T038J6TH5PF","domain":"sandbox"},"enterprise":null,"user":{"id":"U03SV4BFTJP","name":"me","team_id":"T038J6TH5PF"},"channel":{"id":"D079CP6N3GW","name":"directmessage"},"message":{"user":"U0794R4RBLP","type":"message","ts":"1719282819.865949","bot_id":"B07A85ZNJMN","app_id":"A079CP1699U","text":"Placeholder text","team":"T038J6TH5PF","blocks":[{"type":"section","block_id":"I9kjf","text":{"type":"mrkdwn","text":"Placeholder text","verbatim":false},"accessory":{"type":"button","action_id":"sample_button","text":{"type":"plain_text","text":"Complete function","emoji":true}}}]},"container":{"type":"message","message_ts":"1719282819.865949","channel_id":"D079CP6N3GW","is_ephemeral":false},"actions":[{"block_id":"I9kjf","action_id":"sample_button","type":"button","text":{"type":"plain_text","text":"Complete function","emoji":true},"action_ts":"1719282823.103643"}],"api_app_id":"A079CP1699U","state":{"values":{}},"bot_access_token":"xwfp-example-001","function_data":{"execution_id":"Fx079KPY1T6X","function":{"callback_id":"sample_function"},"inputs":{"user_id":"U03SV4BFTJP"}},"interactivity":{"interactor":{"secret":"someothervalue","id":"U03SV4BFTJP"},"interactivity_pointer":"7323025435029.3290231583797.b4a081dcb5a60882b1eea4d00e4dbc28"}},"type":"interactive","accepts_response_payload":false}
+ [DEBUG]  socket-mode:SocketModeClient:0 Received a message on the WebSocket: {"envelope_id":"15726246-7de2-491a-95ed-09ba986b1c6b","payload":{"type":"block_actions","team":{"id":"T038J6TH5PF","domain":"sandbox"},"enterprise":null,"user":{"id":"U03SV4BFTJP","name":"me","team_id":"T038J6TH5PF"},"channel":{"id":"D079CP6N3GW","name":"directmessage"},"message":{"user":"U0794R4RBLP","type":"message","ts":"1719282819.865949","bot_id":"B07A85ZNJMN","app_id":"A079CP1699U","text":"Placeholder text","team":"T038J6TH5PF","blocks":[{"type":"section","block_id":"I9kjf","text":{"type":"mrkdwn","text":"Placeholder text","verbatim":false},"accessory":{"type":"button","action_id":"sample_button","text":{"type":"plain_text","text":"Complete function","emoji":true}}}]},"container":{"type":"message","message_ts":"1719282819.865949","channel_id":"D079CP6N3GW","is_ephemeral":false},"actions":[{"block_id":"I9kjf","action_id":"sample_button","type":"button","text":{"type":"plain_text","text":"Complete function","emoji":true},"action_ts":"1719282823.103643"}],"api_app_id":"A079CP1699U","state":{"values":{}},"bot_access_token":"[[REDACTED]]","function_data":{"execution_id":"Fx079KPY1T6X","function":{"callback_id":"sample_function"},"inputs":{"user_id":"U03SV4BFTJP"}},"interactivity":{"interactor":{"secret":"[[REDACTED]]","id":"U03SV4BFTJP"},"interactivity_pointer":"7323025435029.3290231583797.b4a081dcb5a60882b1eea4d00e4dbc28"}},"type":"interactive","accepts_response_payload":false}
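
Review bot: Between the `-` and `+` lines only `bot_access_token` and `interactor.secret` change, so the redaction appears to be keyed on those two field names; state in the PR description or a code comment whether the match is by key name at any nesting depth or only at these two paths, and add a test where one of these keys appears elsewhere in the envelope. The rest of the payload, including `interactivity_pointer`, is still logged verbatim, so it is worth confirming that none of the remaining fields needs the same treatment.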

Reviewers

These changes resemble those found in #1831 but with updates to match refactors from socket-mode@v2. At this time it's not so quick to test with Bolt but the test cases will hopefully give some confidence 🙏

Notes

Requirements
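
The redaction described in the summary, as an added example that is not the PR's or the SDK's own code: a key-name-based scrubber that works on a copy of the message before it is logged. The key list comes from the summary; the function names `redactValue` and `redactForLog`, matching at any nesting depth, and returning the placeholder for unparseable input are assumptions of this example.

```javascript
// Added example, not the SDK's implementation. Key names are taken from the
// PR summary; matching them at any depth is an assumption of this example.
const REDACTED = '[[REDACTED]]';
const SENSITIVE_KEYS = new Set(['bot_access_token', 'secret']);

// Return a deep copy of `value` with every sensitive key's value replaced.
// The input is never mutated, so the app still receives the real token.
function redactValue(value) {
  if (Array.isArray(value)) return value.map(redactValue);
  if (value === null || typeof value !== 'object') return value;
  // Null prototype: a "__proto__" key from JSON.parse stays a plain property.
  const out = Object.create(null);
  for (const [key, inner] of Object.entries(value)) {
    // Replace the whole value, even when it is an object or an array.
    out[key] = SENSITIVE_KEYS.has(key) ? REDACTED : redactValue(inner);
  }
  return out;
}

// Build the string that is safe to hand to a debug logger.
function redactForLog(rawMessage) {
  let parsed;
  try {
    parsed = JSON.parse(rawMessage);
  } catch {
    // Fail closed: text that cannot be parsed cannot be checked for secrets.
    return REDACTED;
  }
  return JSON.stringify(redactValue(parsed));
}

// Constructed sample, trimmed from the message shape shown in the preview.
const sample = JSON.stringify({
  envelope_id: 'constructed-envelope-id',
  payload: {
    type: 'block_actions',
    bot_access_token: 'xwfp-example-001',
    interactivity: {
      interactor: { secret: 'someothervalue', id: 'U03SV4BFTJP' },
    },
  },
  type: 'interactive',
});

console.log(`Received a message on the WebSocket: ${redactForLog(sample)}`);
```
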

codecov[bot] commented 3 months ago

Codecov Report

Attention: Patch coverage is 84.61538% with 8 lines in your changes missing coverage. Please review.

Project coverage is 82.05%. Comparing base (88e4b38) to head (3147e08). Report is 2 commits behind head on main.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1832      +/-   ##
==========================================
+ Coverage   81.85%   82.05%   +0.19%
==========================================
  Files          35       35
  Lines        7782     7829      +47
  Branches      318      331      +13
==========================================
+ Hits         6370     6424      +54
+ Misses       1400     1393       -7
  Partials       12       12
```

| [Flag](https://app.codecov.io/gh/slackapi/node-slack-sdk/pull/1832/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi) | Coverage Δ | |
|---|---|---|
| [cli-hooks](https://app.codecov.io/gh/slackapi/node-slack-sdk/pull/1832/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi) | `95.07% <ø> (ø)` | |
| [cli-test](https://app.codecov.io/gh/slackapi/node-slack-sdk/pull/1832/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi) | `54.16% <ø> (+0.02%)` | :arrow_up: |
| [oauth](https://app.codecov.io/gh/slackapi/node-slack-sdk/pull/1832/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi) | `76.53% <ø> (ø)` | |
| [socket-mode](https://app.codecov.io/gh/slackapi/node-slack-sdk/pull/1832/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi) | `63.07% <84.61%> (+3.48%)` | :arrow_up: |
| [web-api](https://app.codecov.io/gh/slackapi/node-slack-sdk/pull/1832/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi) | `96.55% <ø> (ø)` | |
| [webhook](https://app.codecov.io/gh/slackapi/node-slack-sdk/pull/1832/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi) | `95.27% <ø> (ø)` | |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=slackapi#carryforward-flags-in-the-pull-request-comment) to find out more.