fix: prevent sensitive data leakage in error logs (#5948)

2026-04-28 18:40:34 -05:00 · 2025-10-18 16:33:27 +02:00
parent 31a9ba629b
commit 97482a082d
6 changed files with 29 additions and 80 deletions
--- a/packages/sync-server/src/app-gocardless/app-gocardless.js
+++ b/packages/sync-server/src/app-gocardless/app-gocardless.js
@@ -1,5 +1,4 @@
 import path from 'path';
-import { inspect } from 'util';

 import { isAxiosError } from 'axios';
 import express from 'express';
@@ -244,7 +243,7 @@ app.post(
          });
          break;
        case error instanceof GenericGoCardlessError:
-          console.log('Something went wrong', inspect(error, { depth: null }));
+          console.log('Something went wrong', error.message);
          sendErrorResponse({
            error_type: 'SYNC_ERROR',
            error_code: 'NORDIGEN_ERROR',
@@ -253,7 +252,8 @@ app.post(
        case isAxiosError(error):
          console.log(
            'Something went wrong',
-            inspect(error.response?.data || error, { depth: null }),
+            error.message,
+            error.response?.data?.summary || error.response?.data?.detail || '',
          );
          sendErrorResponse({
            error_type: 'SYNC_ERROR',
@@ -261,7 +261,7 @@ app.post(
          });
          break;
        default:
-          console.log('Something went wrong', inspect(error, { depth: null }));
+          console.log('Something went wrong', error.message || String(error));
          sendErrorResponse({
            error_type: 'UNKNOWN',
            error_code: 'UNKNOWN',
--- a/packages/sync-server/src/app-gocardless/banks/integration-bank.js
+++ b/packages/sync-server/src/app-gocardless/banks/integration-bank.js
@@ -22,11 +22,6 @@ export default {
  institutionIds: ['IntegrationBank'],

  normalizeAccount(account) {
-    console.debug(
-      'Available account properties for new institution integration',
-      { account: JSON.stringify(account) },
-    );
-
    return {
      account_id: account.id,
      institution: account.institution,
@@ -80,24 +75,10 @@ export default {
  },

  sortTransactions(transactions = []) {
-    console.debug(
-      'Available (first 10) transactions properties for new integration of institution in sortTransactions function',
-      { top10Transactions: JSON.stringify(transactions.slice(0, 10)) },
-    );
    return sortByBookingDateOrValueDate(transactions);
  },

  calculateStartingBalance(sortedTransactions = [], balances = []) {
-    console.debug(
-      'Available (first 10) transactions properties for new integration of institution in calculateStartingBalance function',
-      {
-        balances: JSON.stringify(balances),
-        top10SortedTransactions: JSON.stringify(
-          sortedTransactions.slice(0, 10),
-        ),
-      },
-    );
-
    const currentBalance = balances
      .filter(item => SORTED_BALANCE_TYPE_LIST.includes(item.balanceType))
      .sort(
--- a/packages/sync-server/src/app-gocardless/banks/tests/integration_bank.spec.js
+++ b/packages/sync-server/src/app-gocardless/banks/tests/integration_bank.spec.js
@@ -5,12 +5,6 @@ import {
 import IntegrationBank from '../integration-bank.js';

 describe('IntegrationBank', () => {
-  let consoleSpy;
-
-  beforeEach(() => {
-    consoleSpy = vi.spyOn(console, 'debug');
-  });
-
  describe('normalizeAccount', () => {
    const account = mockExtendAccountsAboutInstitutions[0];

@@ -42,16 +36,6 @@ describe('IntegrationBank', () => {
        type: 'checking',
      });
    });
-
-    it('normalizeAccount logs available account properties', () => {
-      IntegrationBank.normalizeAccount(account);
-      expect(consoleSpy).toHaveBeenCalledWith(
-        'Available account properties for new institution integration',
-        {
-          account: JSON.stringify(account),
-        },
-      );
-    });
  });

  describe('sortTransactions', () => {
@@ -72,35 +56,26 @@ describe('IntegrationBank', () => {
        transactionAmount: { amount: '100', currency: 'EUR' },
      },
    ];
-    const sortedTransactions = [
-      {
-        date: '2022-01-03',
-        bookingDate: '2022-01-03',
-        transactionAmount: { amount: '100', currency: 'EUR' },
-      },
-      {
-        date: '2022-01-02',
-        bookingDate: '2022-01-02',
-        transactionAmount: { amount: '100', currency: 'EUR' },
-      },
-      {
-        date: '2022-01-01',
-        bookingDate: '2022-01-01',
-        transactionAmount: { amount: '100', currency: 'EUR' },
-      },
-    ];

    it('should return transactions sorted by bookingDate', () => {
      const sortedTransactions = IntegrationBank.sortTransactions(transactions);
-      expect(sortedTransactions).toEqual(sortedTransactions);
-    });
-
-    it('sortTransactions logs available transactions properties', () => {
-      IntegrationBank.sortTransactions(transactions);
-      expect(consoleSpy).toHaveBeenCalledWith(
-        'Available (first 10) transactions properties for new integration of institution in sortTransactions function',
-        { top10Transactions: JSON.stringify(sortedTransactions.slice(0, 10)) },
-      );
+      expect(sortedTransactions).toEqual([
+        {
+          date: '2022-01-03',
+          bookingDate: '2022-01-03',
+          transactionAmount: { amount: '100', currency: 'EUR' },
+        },
+        {
+          date: '2022-01-02',
+          bookingDate: '2022-01-02',
+          transactionAmount: { amount: '100', currency: 'EUR' },
+        },
+        {
+          date: '2022-01-01',
+          bookingDate: '2022-01-01',
+          transactionAmount: { amount: '100', currency: 'EUR' },
+        },
+      ]);
    });
  });

@@ -141,16 +116,5 @@ describe('IntegrationBank', () => {
      );
      expect(startingBalance).toEqual(70000);
    });
-
-    it('logs available transactions and balances properties', () => {
-      IntegrationBank.calculateStartingBalance(transactions, balances);
-      expect(consoleSpy).toHaveBeenCalledWith(
-        'Available (first 10) transactions properties for new integration of institution in calculateStartingBalance function',
-        {
-          balances: JSON.stringify(balances),
-          top10SortedTransactions: JSON.stringify(transactions.slice(0, 10)),
-        },
-      );
-    });
  });
 });
--- a/packages/sync-server/src/app-gocardless/util/handle-error.js
+++ b/packages/sync-server/src/app-gocardless/util/handle-error.js
@@ -1,9 +1,7 @@
-import { inspect } from 'util';
-
 export function handleError(func) {
  return (req, res) => {
    func(req, res).catch(err => {
-      console.log('Error', req.originalUrl, inspect(err, { depth: null }));
+      console.log('Error', req.originalUrl, err.message || String(err));
      res.send({
        status: 'ok',
        data: {
--- a/packages/sync-server/src/app-simplefin/app-simplefin.js
+++ b/packages/sync-server/src/app-simplefin/app-simplefin.js
@@ -294,7 +294,7 @@ function parseAccessKey(accessKey) {
  let password = null;
  let baseUrl = null;
  if (!accessKey || !accessKey.match(/^.*\/\/.*:.*@.*$/)) {
-    console.log(`Invalid SimpleFIN access key: ${accessKey}`);
+    console.log('Invalid SimpleFIN access key');
    throw new Error(`Invalid access key`);
  }
  [scheme, rest] = accessKey.split('//');
--- a/upcoming-release-notes/5948.md
+++ b/upcoming-release-notes/5948.md
@@ -0,0 +1,6 @@
+---
+category: Enhancements
+authors: [MatissJanis]
+---
+
+Remove sensitive data logging from sync-server