Redact sensitive args from handshake debug log

code-asher · code-asher · commit 3f7db15fde6f · 2023-05-04T10:54:41.000-08:00
diff --git a/src/node/cli.ts b/src/node/cli.ts
@@ -435,15 +435,22 @@ export const parse = (
 
   logger.debug(() => [
     `parsed ${opts?.configFile ? "config" : "command line"}`,
-    field("args", {
+    field("args", redactArgs(args)),
+  ])
+
+  return args
+}
+
+/**
+ * Redact sensitive information from arguments for logging.
+ */
+export const redactArgs = (args: UserProvidedArgs): UserProvidedArgs => {
+  return {
       ...args,
       password: args.password ? "<redacted>" : undefined,
       "hashed-password": args["hashed-password"] ? "<redacted>" : undefined,
       "github-auth": args["github-auth"] ? "<redacted>" : undefined,
-    }),
-  ])
-
-  return args
+    }
 }
 
 /**
diff --git a/src/node/wrapper.ts b/src/node/wrapper.ts
@@ -3,7 +3,7 @@ import * as cp from "child_process"
 import * as path from "path"
 import * as rfs from "rotating-file-stream"
 import { Emitter } from "../common/emitter"
-import { DefaultedArgs } from "./cli"
+import { DefaultedArgs, redactArgs } from "./cli"
 import { paths } from "./util"
 
 const timeoutInterval = 10000 // 10s, matches VS Code's timeouts.
@@ -44,10 +44,11 @@ export function onMessage<M, T extends M>(
     }
 
     const onMessage = (message: M) => {
-      ;(customLogger || logger).debug("got message", field("message", message))
       if (fn(message)) {
         cleanup()
         resolve(message)
+      } else {
+        ;(customLogger || logger).debug("got unhandled message", field("message", message))
       }
     }
 
@@ -181,6 +182,10 @@ export class ChildProcess extends Process {
       },
       this.logger,
     )
+    this.logger.debug("got message", field("message", {
+      type: message.type,
+      args: redactArgs(message.args),
+    }))
     return message.args
   }
 
@@ -339,13 +344,14 @@ export class ParentProcess extends Process {
     if (!this.args) {
       throw new Error("started without args")
     }
-    await onMessage<ChildMessage, ChildHandshakeMessage>(
+    const message = await onMessage<ChildMessage, ChildHandshakeMessage>(
       child,
       (message): message is ChildHandshakeMessage => {
         return message.type === "handshake"
       },
       this.logger,
     )
+    this.logger.debug("got message", field("message", message))
     this.send(child, { type: "handshake", args: this.args })
   }
 

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ import * as cp from "child_process"`
`3`	`3`	`import * as path from "path"`
`4`	`4`	`import * as rfs from "rotating-file-stream"`
`5`	`5`	`import { Emitter } from "../common/emitter"`
`6`		`-import { DefaultedArgs } from "./cli"`
	`6`	`+import { DefaultedArgs, redactArgs } from "./cli"`
`7`	`7`	`import { paths } from "./util"`
`8`	`8`
`9`	`9`	`const timeoutInterval = 10000 // 10s, matches VS Code's timeouts.`
`@@ -44,10 +44,11 @@ export function onMessage<M, T extends M>(`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`const onMessage = (message: M) => {`
`47`		`- ;(customLogger \|\| logger).debug("got message", field("message", message))`
`48`	`47`	`if (fn(message)) {`
`49`	`48`	`cleanup()`
`50`	`49`	`resolve(message)`
	`50`	`+ } else {`
	`51`	`+ ;(customLogger \|\| logger).debug("got unhandled message", field("message", message))`
`51`	`52`	`}`
`52`	`53`	`}`
`53`	`54`
`@@ -181,6 +182,10 @@ export class ChildProcess extends Process {`
`181`	`182`	`},`
`182`	`183`	`this.logger,`
`183`	`184`	`)`
	`185`	`+ this.logger.debug("got message", field("message", {`
	`186`	`+ type: message.type,`
	`187`	`+ args: redactArgs(message.args),`
	`188`	`+ }))`
`184`	`189`	`return message.args`
`185`	`190`	`}`
`186`	`191`
`@@ -339,13 +344,14 @@ export class ParentProcess extends Process {`
`339`	`344`	`if (!this.args) {`
`340`	`345`	`throw new Error("started without args")`
`341`	`346`	`}`
`342`		`- await onMessage<ChildMessage, ChildHandshakeMessage>(`
	`347`	`+ const message = await onMessage<ChildMessage, ChildHandshakeMessage>(`
`343`	`348`	`child,`
`344`	`349`	`(message): message is ChildHandshakeMessage => {`
`345`	`350`	`return message.type === "handshake"`
`346`	`351`	`},`
`347`	`352`	`this.logger,`
`348`	`353`	`)`
	`354`	`+ this.logger.debug("got message", field("message", message))`
`349`	`355`	`this.send(child, { type: "handshake", args: this.args })`
`350`	`356`	`}`
`351`	`357`