TheThing/node-bunyan-lite
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Wiki Activity

change to 'err' serialization to NOT include extra err attributes: for safety

Browse source
This commit is contained in:
Trent Mick 2013-03-11 15:51:33 -07:00
parent cbfb9b010b
commit 3f6c2bea36
2 changed files with 49 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
CHANGES.md
View file

@ -6,11 +6,55 @@ Known issues:
bug](https://github.com/TooTallNate/node-gyp/issues/65). bug](https://github.com/TooTallNate/node-gyp/issues/65).
## bunyan 0.18.4 (not yet released) ## bunyan 0.19.0 (not yet released)
- [Slight backward incompatibility] Change the default error serialization
(a.k.a. `bunyan.stdSerializers.err`) to *not* serialize all additional
attributes of the given error object. This is an open door to unsafe logging
and logging should always be safe. With this change, error serialization
will log these attributes: message, name, stack, code, signal. The latter
two are added because some core node APIs include those fields (e.g.
`child_process.exec`).
Concrete examples where this has hurt have been the "domain" change
necessitating 0.18.3 and a case where
[node-restify](https://github.com/mcavage/node-restify) uses an error object
as the response object. When logging the `err` and `res` in the same log
statement (common for restify audit logging), the `res.body` would be JSON
stringified as '[Circular]' as it had already been emitted for the `err` key.
This results in a WTF with the bunyan CLI because the `err.body` is not
rendered.
If you need the old behaviour back you will need to do this:
var bunyan = require('bunyan');
var errSkips = {
// Skip domain keys. `domain` especially can have huge objects that can
// OOM your app when trying to JSON.stringify.
domain: true,
domain_emitter: true,
domain_bound: true,
domain_thrown: true
};
bunyan.stdSerializers.err = function err(err) {
if (!err || !err.stack)
return err;
var obj = {
message: err.message,
name: err.name,
stack: getFullErrorStack(err)
}
Object.keys(err).forEach(function (k) {
if (err[k] !== undefined && !errSkips[k]) {
obj[k] = err[k];
}
});
return obj;
};
- "long" and "bunyan" output formats for the CLI. `bunyan -o long` is the default - "long" and "bunyan" output formats for the CLI. `bunyan -o long` is the default
format, the same as before, just called "long" now instead of the cheesy "paul" format, the same as before, just called "long" now instead of the cheesy "paul"
name. The "bunyan" output format is the same as "json-0", just with a more name. The "bunyan" output format is the same as "json-0", just with a more
convenient name. convenient name.

17
lib/bunyan.js
View file

@ -879,27 +879,16 @@ function getFullErrorStack(ex)
// Serialize an Error object // Serialize an Error object
// (Core error properties are enumerable in node 0.4, not in 0.6). // (Core error properties are enumerable in node 0.4, not in 0.6).
var errSkips = {
// Skip domain keys. `domain` especially can have huge objects that can
// OOM your app when trying to JSON.stringify.
domain: true,
domain_emitter: true,
domain_bound: true,
domain_thrown: true
};
var errSerializer = Logger.stdSerializers.err = function err(err) { var errSerializer = Logger.stdSerializers.err = function err(err) {
if (!err || !err.stack) if (!err || !err.stack)
return err; return err;
var obj = { var obj = {
message: err.message, message: err.message,
name: err.name, name: err.name,
stack: getFullErrorStack(err) stack: getFullErrorStack(err),
code: err.code,
signal: err.signal
} }
Object.keys(err).forEach(function (k) {
if (err[k] !== undefined && !errSkips[k]) {
obj[k] = err[k];
}
});
return obj; return obj;
}; };