@zenvia/logger 1.5.0 → 1.6.1

package/.github/workflows/node.js.yml

@@ -0,0 +1,38 @@
+# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
+
+name: Node.js CI
+
+on:
+  - push
+  - pull_request
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+    - name: Install dependencies
+      run: npm ci
+    - name: Run lint
+      run: npm run lint
+    - name: Run test
+      run: npm test
+    - name: Coveralls
+      uses: coverallsapp/github-action@v2
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        path-to-lcov: ${{ github.workspace }}/coverage/lcov.info

package/.github/workflows/npm-publish.yml

@@ -0,0 +1,42 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+      - name: Install dependencies
+        run: npm ci
+      - name: Run lint
+        run: npm run lint
+      - name: Run test
+        run: npm test
+      - name: Coveralls
+        uses: coverallsapp/github-action@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          path-to-lcov: ${{ github.workspace }}/coverage/lcov.info
+
+  publish-npm:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          registry-url: https://registry.npmjs.org/
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/README.md

@@ -7,7 +7,7 @@ A wrapper for [Winston](https://github.com/winstonjs/winston) Logging [Node.js](
 [![Coverage Status](https://coveralls.io/repos/github/zenvia/zenvia-logger-node/badge.svg?branch=master)](https://coveralls.io/github/zenvia/zenvia-logger-node?branch=master)
 [![Dependencies](https://img.shields.io/david/zenvia/zenvia-logger-node.svg)](https://david-dm.org/zenvia/zenvia-logger-node)
 
-[![Twitter Follow](https://img.shields.io/twitter/follow/ZenviaMobile.svg?style=social)](https://twitter.com/intent/follow?screen_name=ZenviaMobile)
+[![Twitter Follow](https://img.shields.io/twitter/follow/ZENVIA_.svg?style=social)](https://twitter.com/intent/follow?screen_name=ZENVIA_)
 
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zenvia/logger",
-  "version": "1.5.0",
+  "version": "1.6.1",
   "description": "A wrapper for Winston Logging Node.js library that formats the output on STDOUT as Logstash JSON format.",
   "license": "MIT",
   "main": "./src/index",
@@ -33,8 +33,8 @@
   ],
   "dependencies": {
     "app-root-dir": "^1.0.2",
-    "cls-rtracer": "^2.6.0",
-    "winston": "^3.3.3"
+    "cls-rtracer": "^2.6.3",
+    "winston": "^3.11.0"
   },
   "devDependencies": {
     "chai": "^4.2.0",

package/src/index.d.ts

@@ -1,5 +1,2 @@
-import logger from './lib/logger';
-import middleware from './middleware/trace';
-
-export default logger;
-export const traceMiddleware = middleware();
+export { default } from './lib/logger';
+export { default as traceMiddleware } from './middleware/trace';

package/src/lib/logger.js

@@ -10,7 +10,25 @@ const rTrace = require('cls-rtracer');
 
 const appPackage = require(path.join(appRootDir, 'package'));
 
+const sanitizeInfo = (info) => {
+  const sanitizeCRLFInjection = (str) => str
+    .replace(/\n|\r/g, (x) => (x === '\n' ? '#n' : '#r'));
+
+  Object.keys(info).forEach((key) => {
+    if (typeof info[key] === 'string') {
+      info[key] = sanitizeCRLFInjection(info[key]);
+      return;
+    }
+
+    if (info[key] instanceof Function) {
+      delete info[key];
+    }
+  });
+};
+
 const customFormatJson = winston.format((info) => {
+  sanitizeInfo(info);
+
   let stack;
 
   if (info.stack) {
@@ -31,12 +49,6 @@ const customFormatJson = winston.format((info) => {
     traceId: rTrace.id(),
   };
 
-  Object.keys(info).forEach((key) => {
-    if (info[key] instanceof Function) {
-      delete info[key];
-    }
-  });
-
   return info;
 });
 

package/src/middleware/trace.d.ts

@@ -1,3 +1,9 @@
-declare const traceMiddleware: () => (req: IncomingMessage, res: ServerResponse, next: (err?: any) => void) => void;
+import rTracer from 'cls-rtracer';
 
-export default traceMiddleware;
+declare const traceMiddleware: () =>
+  ReturnType<typeof rTracer.expressMiddleware> |
+  ReturnType<typeof rTracer.fastifyPlugin> |
+  typeof rTracer.hapiPlugin |
+  ReturnType<typeof rTracer.koaMiddleware>;
+
+export default traceMiddleware;

package/test/lib/logger.spec.js

@@ -241,6 +241,50 @@ describe('Logger test', () => {
   });
 
   describe('Logging format', () => {
+    it('should replace LF characters from log (POSIX systems)', () => {
+      logger.debug(`some message
+other CRLF injection message`);
+      const expectedOutput = {
+        '@timestamp': '2018-06-05T18:20:42.345Z',
+        '@version': 1,
+        application: 'application-name',
+        host: os.hostname(),
+        message: 'some message#nother CRLF injection message',
+        level: 'DEBUG',
+      };
+
+      const actualOutput = stdMocks.flush().stdout[0];
+      JSON.parse(actualOutput).should.be.deep.equal(expectedOutput);
+
+      logger.debug('some\n CRLF\n injection\n message');
+      const expectedOutput2 = {
+        '@timestamp': '2018-06-05T18:20:42.345Z',
+        '@version': 1,
+        application: 'application-name',
+        host: os.hostname(),
+        message: 'some#n CRLF#n injection#n message',
+        level: 'DEBUG',
+      };
+
+      const actualOutput2 = stdMocks.flush().stdout[0];
+      JSON.parse(actualOutput2).should.be.deep.equal(expectedOutput2);
+    });
+
+    it('should replace CRLF characters from log (Windows systems)', () => {
+      logger.debug('some\r\n CRLF\r\n injection\r\n message');
+      const expectedOutput = {
+        '@timestamp': '2018-06-05T18:20:42.345Z',
+        '@version': 1,
+        application: 'application-name',
+        host: os.hostname(),
+        message: 'some#r#n CRLF#r#n injection#r#n message',
+        level: 'DEBUG',
+      };
+
+      const actualOutput = stdMocks.flush().stdout[0];
+      JSON.parse(actualOutput).should.be.deep.equal(expectedOutput);
+    });
+
     it('should get not format when LOGGING_FORMATTER_DISABLED environment is true', () => {
       delete require.cache[require.resolve('../../src/lib/logger')];
       process.env.LOGGING_FORMATTER_DISABLED = 'true';

package/.travis.yml

@@ -1,27 +0,0 @@
-language: node_js
-
-node_js:
-  - 12
-
-before_script:
-  - npm ci
-
-script:
-  - npm run lint
-  - npm test
-
-after_success:
-  - npm run test:coveralls
-
-deploy:
-  provider: npm
-  email: $NPM_EMAIL
-  api_key: $NPM_TOKEN
-  skip_cleanup: true
-  on:
-    tags: true
-
-notifications:
-  email:
-    recipients:
-    - apisupport@zenvia.com