fix: Detect non-objects during recursive redaction (#92)

elastic · Apr 11, 2024 · 41e0ac8 · 41e0ac8
1 parent 403fc67
commit 41e0ac8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/src/security.ts b/src/security.ts
@@ -38,14 +38,14 @@ export function redactObject (obj: Record<string, any>, additionalKeys: string[]
   return doRedact(obj)
 
   function doRedact (obj: Record<string, any>): Record<string, any> {
+    if (typeof obj !== 'object' || obj == null) return obj
+
     const newObj: Record<string, any> = {}
     Object.entries(obj).forEach(([key, value]) => {
       // pull auth info out of URL objects
       if (value instanceof URL) {
         value = `${value.origin}${value.pathname}${value.search}`
-      }
-
-      if (typeof value === 'object' && value !== null) {
+      } else if (typeof value === 'object' && value !== null) {
         if (Array.isArray(value)) {
           // if it's an array, redact each item
           value = value.map(v => doRedact(v))

diff --git a/test/unit/security.test.ts b/test/unit/security.test.ts
@@ -205,5 +205,15 @@ test('redactObject', t => {
     t.notMatch(result.foo[1].password, 'bar')
   })
 
+  t.test('does not fail on undefined or null', t => {
+    // @ts-expect-error
+    t.doesNotThrow(() => redactObject(null))
+    // @ts-expect-error
+    t.doesNotThrow(() => redactObject(undefined))
+    t.doesNotThrow(() => redactObject({ foo: undefined }))
+    t.doesNotThrow(() => redactObject({ foo: null }))
+    t.end()
+  })
+
   t.end()
 })