From 41e0ac8f3ea5dbf0d040f0094e506ae5e248076c Mon Sep 17 00:00:00 2001
From: Josh Mock <joshua.mock@elastic.co>
Date: Thu, 11 Apr 2024 13:02:15 -0500
Subject: [PATCH] fix: Detect non-objects during recursive redaction (#92)

---
 src/security.ts            |  6 +++---
 test/unit/security.test.ts | 10 ++++++++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/security.ts b/src/security.ts
index 9268b1f..0c8ac6e 100644
--- a/src/security.ts
+++ b/src/security.ts
@@ -38,14 +38,14 @@ export function redactObject (obj: Record<string, any>, additionalKeys: string[]
   return doRedact(obj)
 
   function doRedact (obj: Record<string, any>): Record<string, any> {
+    if (typeof obj !== 'object' || obj == null) return obj
+
     const newObj: Record<string, any> = {}
     Object.entries(obj).forEach(([key, value]) => {
       // pull auth info out of URL objects
       if (value instanceof URL) {
         value = `${value.origin}${value.pathname}${value.search}`
-      }
-
-      if (typeof value === 'object' && value !== null) {
+      } else if (typeof value === 'object' && value !== null) {
         if (Array.isArray(value)) {
           // if it's an array, redact each item
           value = value.map(v => doRedact(v))
diff --git a/test/unit/security.test.ts b/test/unit/security.test.ts
index 97d434d..c81aa19 100644
--- a/test/unit/security.test.ts
+++ b/test/unit/security.test.ts
@@ -205,5 +205,15 @@ test('redactObject', t => {
     t.notMatch(result.foo[1].password, 'bar')
   })
 
+  t.test('does not fail on undefined or null', t => {
+    // @ts-expect-error
+    t.doesNotThrow(() => redactObject(null))
+    // @ts-expect-error
+    t.doesNotThrow(() => redactObject(undefined))
+    t.doesNotThrow(() => redactObject({ foo: undefined }))
+    t.doesNotThrow(() => redactObject({ foo: null }))
+    t.end()
+  })
+
   t.end()
 })