Fix for password leak in logs (#100)

* Fix for password leak in logs Fixes: #99 Signed-off-by: Vinay Potluri <[email protected]> * lint fixes --------- Signed-off-by: Vinay Potluri <[email protected]> Co-authored-by: Alejandro Alvarez <[email protected]>
liquibase · Jun 20, 2024 · 8ca991c · 8ca991c
1 parent bdae640
commit 8ca991c
Showing 1 changed file with 44 additions and 3 deletions.
diff --git a/src/util/logger.ts b/src/util/logger.ts
@@ -9,6 +9,14 @@ export class Logger {
     return this._log(message);
   }
 
+  public debug(message: string): void {
+    return this._debug(message);
+  }
+
+  public info(message: string): void {
+    return this._info(message);
+  }
+
   public warn(message: string): void {
     return this._warn(message);
   }
@@ -29,7 +37,36 @@ export class Logger {
       return;
     }
 
-    return console.log(`${LIQUIBASE_LABEL} ${message}`);
+    if (this.logLevel === LiquibaseLogLevels.Debug) {
+      return this._debug(message);
+    }
+
+    return console.log(`${LIQUIBASE_LABEL} ${this.sanitizeOutput(message)}`);
+  }
+
+  private _debug(message: string) {
+    const levels = [
+      LiquibaseLogLevels.Debug,
+      LiquibaseLogLevels.Info,
+      LiquibaseLogLevels.Severe,
+      LiquibaseLogLevels.Warning,
+    ];
+
+    if (!this.shouldOperate(levels)) {
+      return;
+    }
+
+    return console.debug('\x1b[34m%s\x1b[0m', `${LIQUIBASE_LABEL} ${message}`);
+  }
+
+  private _info(message: string) {
+    const levels = [LiquibaseLogLevels.Info, LiquibaseLogLevels.Severe, LiquibaseLogLevels.Warning];
+
+    if (!this.shouldOperate(levels)) {
+      return;
+    }
+
+    return console.info('\x1b[32m%s\x1b[0m', `${LIQUIBASE_LABEL} ${this.sanitizeOutput(message)}`);
   }
 
   private _warn(message: string) {
@@ -39,7 +76,7 @@ export class Logger {
       return;
     }
 
-    return console.warn('\x1b[33m%s\x1b[0m', `${LIQUIBASE_LABEL} ${message}`);
+    return console.warn('\x1b[33m%s\x1b[0m', `${LIQUIBASE_LABEL} ${this.sanitizeOutput(message)}`);
   }
 
   private _error(message: string) {
@@ -49,7 +86,7 @@ export class Logger {
       return;
     }
 
-    return console.error('\x1b[31m%s\x1b[0m', `${LIQUIBASE_LABEL} ${message}`);
+    return console.error('\x1b[31m%s\x1b[0m', `${LIQUIBASE_LABEL} ${this.sanitizeOutput(message)}`);
   }
 
   private shouldOperate(acceptableLogLevels: Array<LiquibaseLogLevels>) {
@@ -63,4 +100,8 @@ export class Logger {
 
     return this.config?.logLevel || LiquibaseLogLevels.Severe;
   }
+
+  private sanitizeOutput(output: string): string {
+    return output.replace(/password=("?\S+"?)/gi, 'password=******');
+  }
 }