diff --git a/src/analysis.js b/src/analysis.js
index 4e8a98e..6464df6 100644
--- a/src/analysis.js
+++ b/src/analysis.js
@@ -9,11 +9,11 @@ import { RegexNotToBeLogged, getCustom } from "./tools.js";
 export default { requestComponent, requestStack, requestImages, validateToken }
-const rhdaTokenHeader = "rhda-token";
-const rhdaTelemetryId = "rhda-telemetry-id";
-const rhdaSourceHeader = "rhda-source"
-const rhdaOperationTypeHeader = "rhda-operation-type"
-const rhdaPackageManagerHeader = "rhda-pkg-manager"
+const rhdaTokenHeader = "trust-da-token";
+const rhdaTelemetryId = "telemetry-anonymous-id";
+const rhdaSourceHeader = "trust-da-source"
+const rhdaOperationTypeHeader = "trust-da-operation-type"
+const rhdaPackageManagerHeader = "trust-da-pkg-manager"
 /**
 * Adds proxy agent configuration to fetch options if a proxy URL is specified
@@ -229,11 +229,12 @@ async function validateToken(url, opts = {}) {
 *
 * @param {string} headerName - the header name to populate in request
 * @param headers
- * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @param {string} optsKey - key in the options object to use the value for
+ * @param {import("index.js").Options} [opts={}] - options input object to fetch header values from
 * @private
 */
-function setRhdaHeader(headerName, headers, opts) {
- let rhdaHeaderValue = getCustom(headerName.toUpperCase().replaceAll("-", "_"), null, opts);
+function setRhdaHeader(headerName, headers, optsKey, opts) {
+ let rhdaHeaderValue = getCustom(optsKey, null, opts);
 if (rhdaHeaderValue) {
 headers[headerName] = rhdaHeaderValue
 }
@@ -244,26 +245,15 @@ function setRhdaHeader(headerName, headers, opts) {
 * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
 * @returns {{}}
 */
-function getTokenHeaders(opts = {}) {
- let supportedTokens = ['snyk', 'oss-index']
+export function getTokenHeaders(opts = {}) {
 let headers = {}
- supportedTokens.forEach(vendor => {
- let token = getCustom(`TRUSTIFY_DA_${vendor.replace("-", "_").toUpperCase()}_TOKEN`, null, opts);
- if (token) {
- headers[`ex-${vendor}-token`] = token
- }
- let user = getCustom(`TRUSTIFY_DA_${vendor.replace("-", "_").toUpperCase()}_USER`, null, opts);
- if (user) {
- headers[`ex-${vendor}-user`] = user
- }
- })
- setRhdaHeader(rhdaTokenHeader, headers, opts);
- setRhdaHeader(rhdaSourceHeader, headers, opts);
- setRhdaHeader(rhdaOperationTypeHeader, headers, opts);
- setRhdaHeader(rhdaPackageManagerHeader, headers, opts)
- setRhdaHeader(rhdaTelemetryId, headers, opts);
+ setRhdaHeader(rhdaTokenHeader, headers, 'TRUSTIFY_DA_TOKEN', opts);
+ setRhdaHeader(rhdaSourceHeader, headers, 'TRUSTIFY_DA_SOURCE', opts);
+ setRhdaHeader(rhdaOperationTypeHeader, headers, rhdaOperationTypeHeader.toUpperCase().replaceAll("-", "_"), opts);
+ setRhdaHeader(rhdaPackageManagerHeader, headers, rhdaPackageManagerHeader.toUpperCase().replaceAll("-", "_"), opts)
+ setRhdaHeader(rhdaTelemetryId, headers, 'TRUSTIFY_DA_TELEMETRY_ID', opts);
- if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+ if (getCustom("TRUSTIFY_DA_DEBUG", null, opts) === "true") {
 console.log("Headers Values to be sent to Trustify DA backend:" + EOL)
 for (const headerKey in headers) {
 if (!headerKey.match(RegexNotToBeLogged)) {
diff --git a/src/index.js b/src/index.js
index 9cdc0ba..4ff2180 100644
--- a/src/index.js
+++ b/src/index.js
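Review bot: In `getTokenHeaders` (src/analysis.js) the options keys for the operation-type and package-manager headers are still derived from the header names, which this commit renames, so they now evaluate to `TRUST_DA_OPERATION_TYPE` and `TRUST_DA_PKG_MANAGER` while the three neighbouring calls pass explicit `TRUSTIFY_DA_*` literals. Unless the `TRUST_DA_` prefix is intended, a caller that still sets the old `RHDA_*` key, or a `TRUSTIFY_DA_*` one by analogy with the others, gets the header dropped without any error. Spelling the keys out keeps them independent of the wire name, e.g. `setRhdaHeader(rhdaOperationTypeHeader, headers, 'TRUSTIFY_DA_OPERATION_TYPE', opts);` and likewise `'TRUSTIFY_DA_PKG_MANAGER'`, if that prefix is what is meant. Separately, debug output can now be switched on through `opts` as well as the environment, so the name filter in the loop below is the only thing keeping `trust-da-token` out of the log; the function body continues past the end of the hunk.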
@@ -39,9 +39,9 @@ export default { componentAnalysis, stackAnalysis, imageAnalysis, validateToken
 * TRUSTIFY_DA_SYFT_PATH?: string | undefined,
 * TRUSTIFY_DA_YARN_PATH?: string | undefined,
 * MATCH_MANIFEST_VERSIONS?: string | undefined,
- * RHDA_SOURCE?: string | undefined,
- * RHDA_TOKEN?: string | undefined,
- * RHDA_TELEMETRY_ID?: string | undefined,
+ * TRUSTIFY_DA_SOURCE?: string | undefined,
+ * TRUSTIFY_DA_TOKEN?: string | undefined,
+ * TRUSTIFY_DA_TELEMETRY_ID?: string | undefined,
 * [key: string]: string | undefined,
 * }} Options
 */
diff --git a/src/tools.js b/src/tools.js
index b3e9a32..8f6fd11 100644
--- a/src/tools.js
+++ b/src/tools.js
@@ -3,7 +3,7 @@ import { EOL } from "os";
 import { PackageURL } from "packageurl-js";
-export const RegexNotToBeLogged = /TRUSTIFY_DA_.*_TOKEN|ex-.*-token/
+export const RegexNotToBeLogged = /TRUSTIFY_DA_(.*_)?TOKEN|ex-.*-token|trust-.*-token/
 /**
 *
 * @param {string} key to log its value from environment variables and from opts, if it exists
diff --git a/test/get-exhort-url.test.js b/test/exhort-backend-utils.test.js
similarity index 77%
rename from test/get-exhort-url.test.js
rename to test/exhort-backend-utils.test.js
index ed850d8..13130a7 100644
--- a/test/get-exhort-url.test.js
+++ b/test/exhort-backend-utils.test.js
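Review bot: `RegexNotToBeLogged` in src/tools.js decides by name alone which option keys and header names are withheld from debug output, and nothing next to the constant says so. The pattern is case-sensitive and only recognises names that contain `TOKEN` or `token` in the listed shapes, so a credential introduced later under another name, or a differently cased header, would be printed whenever `TRUSTIFY_DA_DEBUG` is on. I would add a comment above the constant such as `// Names matching this pattern are never logged; every new secret-bearing option or header must match it.` and consider the `i` flag, or an explicit list of sensitive names checked alongside the pattern.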
@@ -1,11 +1,16 @@
 import { expect } from 'chai'
+import * as chai from 'chai'
+import * as sinon from 'sinon'
+import sinonChai from 'sinon-chai'
+import { getTokenHeaders } from '../src/analysis.js';
 import { selectTrustifyDABackend } from '../src/index.js'
-const testUrl = 'https://trustify-da.example.com';
-const testUrl2 = 'https://dev.trustify-da.example.com';
+chai.use(sinonChai)
 suite('testing Select Trustify DA Backend function', () => {
+ const testUrl = 'https://trustify-da.example.com';
+ const testUrl2 = 'https://dev.trustify-da.example.com';
 test('When TRUSTIFY_DA_BACKEND_URL is set in environment variable, should return that value', () => {
 process.env['TRUSTIFY_DA_BACKEND_URL'] = testUrl;
@@ -63,3 +68,14 @@ suite('testing Select Trustify DA Backend function', () => {
 }).afterAll(() => {
 delete process.env['TRUSTIFY_DA_BACKEND_URL'];
 });
+
+suite('verify token header logging', () => {
+ test('don\'t log the token header', () => {
+ getTokenHeaders({
+ 'TRUSTIFY_DA_TOKEN': 'banana',
+ 'TRUSTIFY_DA_DEBUG': 'true'
+ })
+ // Should only be called once with "Headers Values to be sent to Trustify DA backend:"
+ expect(console.log).to.be.calledOnce
+ })
+}).beforeAll(() => sinon.spy(console, 'log')).afterAll(() => console.log.restore())
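Review bot: The new test in the `verify token header logging` suite asserts only that `console.log` was called once, not that the token value is missing from what was logged, so it would still pass if that single call ever contained `banana`. An assertion on the logged arguments pins the property the test is named for, e.g. `expect(console.log.args.flat().join(' ')).to.not.include('banana')`. The call count presumably also depends on no other header option being set in the environment the tests run in, since `getCustom` appears to read environment variables as well as `opts`. The spy is installed once in `beforeAll` and never reset, so a second test added to this suite would inherit the count; installing and restoring it per test avoids that.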