Skip to content

Commit

Permalink
fix(HTTP Request Node): Do not modify request object when sanitizing …
Browse files Browse the repository at this point in the history 
…message for UI (n8n-io#10923)
  • Loading branch information
@michael-radency
michael-radency committed Sep 23, 2024
1 parent 60ee0d4 commit 8cc10cc
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 10 deletions.
22 changes: 14 additions & 8 deletions packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
import type { SecureContextOptions } from 'tls';
import type {
ICredentialDataDecryptedObject,
IDataObject,
INodeExecutionData,
INodeProperties,
IOAuth2Options,
IRequestOptions,
import {
deepCopy,
type ICredentialDataDecryptedObject,
type IDataObject,
type INodeExecutionData,
type INodeProperties,
type IOAuth2Options,
type IRequestOptions,
} from 'n8n-workflow';

import set from 'lodash/set';
Expand Down Expand Up @@ -60,7 +61,12 @@ export function sanitizeUiMessage(
authDataKeys: IAuthDataSanitizeKeys,
secrets?: string[],
) {
let sendRequest = request as unknown as IDataObject;
const { body, ...rest } = request as IDataObject;

let sendRequest: IDataObject = { body };
for (const [key, value] of Object.entries(rest)) {
sendRequest[key] = deepCopy(value);
}

// Protect browser from sending large binary data
if (Buffer.isBuffer(sendRequest.body) && sendRequest.body.length > 250000) {
Expand Down
14 changes: 12 additions & 2 deletions packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ describe('HTTP Node Utils', () => {
);
});

it('should remove keys that contain sensitive data', async () => {
it('should remove keys that contain sensitive data and do not modify requestOptions', async () => {
const requestOptions: IRequestOptions = {
method: 'POST',
uri: 'https://example.com',
Expand All @@ -115,6 +115,14 @@ describe('HTTP Node Utils', () => {
method: 'POST',
uri: 'https://example.com',
});

expect(requestOptions).toEqual({
method: 'POST',
uri: 'https://example.com',
body: { sessionToken: 'secret', other: 'foo' },
headers: { authorization: 'secret', other: 'foo' },
auth: { user: 'user', password: 'secret' },
});
});

it('should remove secrets', async () => {
Expand All @@ -125,7 +133,9 @@ describe('HTTP Node Utils', () => {
headers: { authorization: 'secretAccessToken', other: 'foo' },
};

expect(sanitizeUiMessage(requestOptions, {}, ['secretAccessToken'])).toEqual({
const sanitizedRequest = sanitizeUiMessage(requestOptions, {}, ['secretAccessToken']);

expect(sanitizedRequest).toEqual({
body: {
nested: {
secret: REDACTED,
Expand Down

0 comments on commit 8cc10cc

Please sign in to comment.