UNPKG

@instana/core

Version:

Core library for Instana's Node.js packages

github.com/instana/nodejs/blob/main/packages/core/README.md

instana/nodejs

101 lines (91 loc) 3.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
/* * (c) Copyright IBM Corp. 2021 * (c) Copyright Instana Inc. and contributors 2016 */ 'use strict'; const { URL } = require('url'); const secrets = require('../secrets'); /** * Sanitizes the incoming URL by removing query parameters and redacting basic auth credentials if present. * @param {string} urlString the URL that will be sanitized * @returns {string} the URL, without query parameters, matrix parameters and with basic auth credentials redacted */ exports.sanitizeUrl = function sanitizeUrl(urlString) { let normalizedUrl; try { const url = new URL(urlString); // If URL has no protocol, host, or path, return the original URL. // TODO: This case need adjustment for complete sanitization of the URL. if (!url.protocol && !url.host && !url.pathname) { return urlString; } // Normalize the URL with redacted credentials. normalizedUrl = `${nullToEmptyString(url.protocol)}${url.protocol || url.host ? '//' : ''}${ url.username || url.password ? '<redacted>:<redacted>@' : '' }${nullToEmptyString(url.host)}${nullToEmptyString(url.pathname)}`; } catch (e) { // If URL parsing fails and it's a relative URL, return its path. // For example, if the input is "/foo?a=b", the returned value will be "/foo". if (typeof urlString === 'string' && urlString.startsWith('/')) { return new URL(urlString, 'https://example.org/').pathname; } else { // This case need adjustment for complete sanitization of the URL, reference 159741 return urlString; } } return normalizedUrl; }; /** * @param {string} string the string to normalize * @returns {string} returns the string unchanged, unless it is null or undefined, in that case an empty string is * returned */ function nullToEmptyString(string) { return string == null ? '' : string; } /** * @param {string} queryString */ exports.filterParams = function filterParams(queryString) { if (!queryString || queryString === '') { return undefined; } if (typeof queryString !== 'string') { return queryString; } return queryString .split('&') .map(param => { const key = param.split('=')[0]; if (key && secrets.isSecret(key)) { return `${key}=<redacted>`; } return param; }) .join('&'); }; /** * Splits the given string (a URL) at the first occurence of the question mark character, then treats the second half as * a query string, applies secrets redaction to it and returns that query string with secrets redacted. * * @param {string} fullUrl the URL from the query string is to be extracted */ exports.splitAndFilter = function splitAndFilter(fullUrl) { const parts = fullUrl.split('?'); if (parts.length >= 2) { return exports.filterParams(parts[1]); } return null; }; /** * Returns a new string which is the input with the first character removed if and only if that character is a question * mark, otherwise this function returns the input unchanged. * * @param {string} queryString the string from which the first character will be conditionally be removed */ exports.dropLeadingQuestionMark = function dropLeadingQuestionMark(queryString) { if (queryString && queryString.charAt(0) === '?') { return queryString.substring(1); } return queryString; };