Merge pull request #434 from Workiva/dontLogBody
ESG-11074 Don't log bytes / body in the error message
btr-rmconsole-7[bot] authored Dec 17, 2024
2 parents 4aa1f16 + d59483c commit 61fafe6
Showing 3 changed files with 12 additions and 14 deletions.
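--- a/lib/src/http/response_format_exception.dart
+++ b/lib/src/http/response_format_exception.dart
@@ -34,25 +34,21 @@ class ResponseFormatException implements Exception {
 ResponseFormatException(this.contentType, this.encoding,
 {this.body, this.bytes});
 
-/// Descriptive error message that includes the content-type, encoding, as
-/// well as the string or bytes that could not be encoded or decoded,
-/// respectively.
+/// Error message that includes the content-type an encoding
 String get message {
 String description;
-String bodyLine;
 if (body != null) {
 description = 'Body could not be encoded.';
-bodyLine = 'Body: $body';
 } else {
 description = 'Bytes could not be decoded.';
-bodyLine = 'Bytes: $bytes';
 }
 
 String msg = description;
 final encodingName = encoding?.name ?? 'null';
 msg += '\n\tContent-Type: $contentType';
 msg += '\n\tEncoding: $encodingName';
-msg += '\n\t$bodyLine';
+// WARNING: Do not include `bytes` or `body` in the error message. It may contain
+// sensitive information that we do not want logged.
 
 return msg;
 }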
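Review bot: The new doc comment on `message` reads "content-type an encoding" and does not tell API readers that the payload is left out on purpose; the only statement of that is the `// WARNING` comment inside the getter body, which generated API docs will not show. I would write `/// Error message that includes the content-type and encoding.` followed by `/// Deliberately omits [body] and [bytes], which may contain sensitive data.` The constructor in the context lines still stores `body` and `bytes` on the exception, so a caller that catches it and logs those fields directly would presumably bypass this change, and the same doc comment is the natural place to say so. The class body starts outside the hunk.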
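--- a/test/unit/http/http_body_test.dart
+++ b/test/unit/http/http_body_test.dart
@@ -187,7 +187,7 @@ void main() {
 expect(exception.toString(), contains('Body could not be encoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
-expect(exception.toString(), contains('bodyçå®'));
+expect(exception.toString(), isNot(contains('bodyçå®')));
 });
 
 test('should throw ResponseFormatException if bytes cannot be decoded',
@@ -210,8 +210,8 @@ void main() {
 expect(exception.toString(), contains('Bytes could not be decoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
-expect(
-exception.toString(), contains(utf8.encode('bodyçå®').toString()));
+expect(exception.toString(),
+isNot(contains(utf8.encode('bodyçå®')).toString()));
 });
 });
 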
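Review bot: The negated assertion added in the second hunk, `isNot(contains(utf8.encode('bodyçå®')).toString())`, has its closing parenthesis in the wrong place, so `.toString()` is applied to the `contains(...)` matcher rather than to the encoded bytes. `isNot` then receives a plain string and only checks that the message is not equal to that matcher's description, which holds whether or not the bytes appear in the message, so the test would not catch a regression that logs them again. It should read `expect(exception.toString(), isNot(contains(utf8.encode('bodyçå®').toString())));`. The same misplacement appears in test/unit/http/response_format_exception_test.dart as `isNot(contains(bytes).toString())`, which, assuming `bytes` is the byte list defined outside that hunk, should be `isNot(contains(bytes.toString()))`. Both test bodies start outside their hunks.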
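--- a/test/unit/http/response_format_exception_test.dart
+++ b/test/unit/http/response_format_exception_test.dart
@@ -36,8 +36,8 @@ void main() {
 expect(exception.toString(), contains('Bytes could not be decoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
-expect(
-exception.toString(), contains(utf8.encode('bodyçå®').toString()));
+// Do not log bytes, which may contain sensitive information
+expect(exception.toString(), isNot(contains(bytes).toString()));
 });
 
 test('should detail why string could not be encoded', () {
@@ -49,7 +49,8 @@ void main() {
 expect(exception.toString(), contains('Body could not be encoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
-expect(exception.toString(), contains('bodyçå®'));
+// Do not log body, which may contain sensitive information
+expect(exception.toString(), isNot(contains(body)));
 });
 
 test('should warn if encoding is null', () {
@@ -61,7 +62,8 @@ void main() {
 expect(exception.toString(), contains('Body could not be encoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: null'));
-expect(exception.toString(), contains('bodyçå®'));
+// Do not log body, which may contain sensitive information
+expect(exception.toString(), isNot(contains(body)));
 });
 });
 });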
