Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redact sensitive header when DEBUG is set #1218

Open
wants to merge 19 commits into
base: master
Choose a base branch
from
+128 −2
Open

Redact sensitive header when DEBUG is set #1218

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
a543836
init sanitizer
minhanh-phan Nov 15, 2024
295ed73
update change
minhanh-phan Nov 15, 2024
4a7cc5f
Merge branch 'master' of https://github.com/openai/openai-node into r…
minhanh-phan Nov 21, 2024
670e3c0
update headers tests
minhanh-phan Dec 10, 2024
d697bd5
Merge branch 'master' of https://github.com/openai/openai-node into r…
minhanh-phan Dec 10, 2024
0cdbffc
update
minhanh-phan Dec 10, 2024
182f201
update2
minhanh-phan Dec 10, 2024
82cc79d
revert changes
minhanh-phan Dec 10, 2024
2e2ccc6
redo change
minhanh-phan Dec 10, 2024
04e3309
reset debug value
minhanh-phan Dec 10, 2024
52b0439
Update based on feedback
minhanh-phan Dec 10, 2024
f6a79bb
undo quotation change
minhanh-phan Dec 10, 2024
f3d6855
update lint
minhanh-phan Dec 11, 2024
8360f85
update based on feedback
minhanh-phan Dec 12, 2024
632adfc
Merge branch 'master' of https://github.com/openai/openai-node into r…
minhanh-phan Dec 12, 2024
db6a963
Merge branch 'master' into redact-sensitive-header
minhanh-phan Dec 16, 2024
e9ff584
avoid JSON for cloning
RobertCraigie Dec 16, 2024
28bc8e3
avoid making copies until we have to
RobertCraigie Dec 16, 2024
9eb8d6b
Merge branch 'master' into redact-sensitive-header
minhanh-phan Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 35 additions & 1 deletion src/core.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1138,9 +1138,43 @@ function applyHeadersMut(targetHeaders: Headers, newHeaders: Headers): void {
}
}

const SENSITIVE_HEADERS = new Set(['authorization', 'api-key']);

export function debug(action: string, ...args: any[]) {
if (typeof process !== 'undefined' && process?.env?.['DEBUG'] === 'true') {
console.log(`OpenAI:DEBUG:${action}`, ...args);
const modifiedArgs = args.map((arg) => {
if (!arg) {
return arg;
}

// Check for sensitive headers in request body 'headers' object
if (arg['headers']) {
// clone so we don't mutate
const modifiedArg = { ...arg, headers: { ...arg['headers'] } };

for (const header in arg['headers']) {
if (SENSITIVE_HEADERS.has(header.toLowerCase())) {
modifiedArg['headers'][header] = 'REDACTED';
RobertCraigie marked this conversation as resolved.
Show resolved Hide resolved
}
}

return modifiedArg;
}

let modifiedArg = null;

// Check for sensitive headers in headers object
for (const header in arg) {
if (SENSITIVE_HEADERS.has(header.toLowerCase())) {
// avoid making a copy until we need to
modifiedArg ??= { ...arg };
modifiedArg[header] = 'REDACTED';
}
}

return modifiedArg ?? arg;
});
console.log(`OpenAI:DEBUG:${action}`, ...modifiedArgs);
}
}

Expand Down
94 changes: 93 additions & 1 deletion tests/index.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

import OpenAI from 'openai';
import { APIUserAbortError } from 'openai';
import { Headers } from 'openai/core';
import { debug, Headers } from 'openai/core';
import defaultFetch, { Response, type RequestInit, type RequestInfo } from 'node-fetch';

describe('instantiate client', () => {
Expand Down Expand Up @@ -411,3 +411,95 @@ describe('retries', () => {
expect(count).toEqual(3);
});
});

describe('debug()', () => {
const env = process.env;
const spy = jest.spyOn(console, 'log');

beforeEach(() => {
jest.resetModules();
process.env = { ...env };
process.env['DEBUG'] = 'true';
});

afterEach(() => {
process.env = env;
});

test('body request object with Authorization header', function () {
RobertCraigie marked this conversation as resolved.
Show resolved Hide resolved
// Test request body includes headers object with Authorization
const headersTest = {
headers: {
Authorization: 'fakeAuthorization',
},
};
debug('request', headersTest);
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
headers: {
Authorization: 'REDACTED',
},
});
});

test('body request object with api-key header', function () {
// Test request body includes headers object with api-ley
const apiKeyTest = {
headers: {
'api-key': 'fakeKey',
},
};
debug('request', apiKeyTest);
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
headers: {
'api-key': 'REDACTED',
},
});
});

test('header object with Authorization header', function () {
// Test headers object with authorization header
const authorizationTest = {
authorization: 'fakeValue',
};
debug('request', authorizationTest);
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
authorization: 'REDACTED',
});
});

test('input args are not mutated', function () {
const authorizationTest = {
authorization: 'fakeValue',
};
const client = new OpenAI({
baseURL: 'http://localhost:5000/',
defaultHeaders: authorizationTest,
apiKey: 'api-key',
});

const { req } = client.buildRequest({ path: '/foo', method: 'post' });
debug('request', authorizationTest);
expect((req.headers as Headers)['authorization']).toEqual('fakeValue');
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
authorization: 'REDACTED',
});
});

test('input headers are not mutated', function () {
const authorizationTest = {
authorization: 'fakeValue',
};
const client = new OpenAI({
baseURL: 'http://localhost:5000/',
defaultHeaders: authorizationTest,
apiKey: 'api-key',
});

const { req } = client.buildRequest({ path: '/foo', method: 'post' });
debug('request', { headers: req.headers });
expect((req.headers as Headers)['authorization']).toEqual('fakeValue');
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
authorization: 'REDACTED',
});
});
});