
socket-mode(fix): redact ephemeral tokens and secrets from debug logs #1831

Open · wants to merge 4 commits into base: socket-mode-1.3.x
Conversation

zimeg
Member

@zimeg zimeg commented Jun 25, 2024

Summary

This PR replaces values that should be redacted in debug logs - such as the ephemeral bot_access_token used in custom functions and interactor.secret - with [[REDACTED]].

Preview

Example output differences are found towards the end:

- [DEBUG]  socket-mode:SocketModeClient:0 Received a message on the WebSocket: {"envelope_id":"15726246-7de2-491a-95ed-09ba986b1c6b","payload":{"type":"block_actions","team":{"id":"T038J6TH5PF","domain":"sandbox"},"enterprise":null,"user":{"id":"U03SV4BFTJP","name":"me","team_id":"T038J6TH5PF"},"channel":{"id":"D079CP6N3GW","name":"directmessage"},"message":{"user":"U0794R4RBLP","type":"message","ts":"1719282819.865949","bot_id":"B07A85ZNJMN","app_id":"A079CP1699U","text":"Placeholder text","team":"T038J6TH5PF","blocks":[{"type":"section","block_id":"I9kjf","text":{"type":"mrkdwn","text":"Placeholder text","verbatim":false},"accessory":{"type":"button","action_id":"sample_button","text":{"type":"plain_text","text":"Complete function","emoji":true}}}]},"container":{"type":"message","message_ts":"1719282819.865949","channel_id":"D079CP6N3GW","is_ephemeral":false},"actions":[{"block_id":"I9kjf","action_id":"sample_button","type":"button","text":{"type":"plain_text","text":"Complete function","emoji":true},"action_ts":"1719282823.103643"}],"api_app_id":"A079CP1699U","state":{"values":{}},"bot_access_token":"xwfp-example-001","function_data":{"execution_id":"Fx079KPY1T6X","function":{"callback_id":"sample_function"},"inputs":{"user_id":"U03SV4BFTJP"}},"interactivity":{"interactor":{"secret":"someothervalue","id":"U03SV4BFTJP"},"interactivity_pointer":"7323025435029.3290231583797.b4a081dcb5a60882b1eea4d00e4dbc28"}},"type":"interactive","accepts_response_payload":false}
+ [DEBUG]  socket-mode:SocketModeClient:0 Received a message on the WebSocket: {"envelope_id":"15726246-7de2-491a-95ed-09ba986b1c6b","payload":{"type":"block_actions","team":{"id":"T038J6TH5PF","domain":"sandbox"},"enterprise":null,"user":{"id":"U03SV4BFTJP","name":"me","team_id":"T038J6TH5PF"},"channel":{"id":"D079CP6N3GW","name":"directmessage"},"message":{"user":"U0794R4RBLP","type":"message","ts":"1719282819.865949","bot_id":"B07A85ZNJMN","app_id":"A079CP1699U","text":"Placeholder text","team":"T038J6TH5PF","blocks":[{"type":"section","block_id":"I9kjf","text":{"type":"mrkdwn","text":"Placeholder text","verbatim":false},"accessory":{"type":"button","action_id":"sample_button","text":{"type":"plain_text","text":"Complete function","emoji":true}}}]},"container":{"type":"message","message_ts":"1719282819.865949","channel_id":"D079CP6N3GW","is_ephemeral":false},"actions":[{"block_id":"I9kjf","action_id":"sample_button","type":"button","text":{"type":"plain_text","text":"Complete function","emoji":true},"action_ts":"1719282823.103643"}],"api_app_id":"A079CP1699U","state":{"values":{}},"bot_access_token":"[[REDACTED]]","function_data":{"execution_id":"Fx079KPY1T6X","function":{"callback_id":"sample_function"},"inputs":{"user_id":"U03SV4BFTJP"}},"interactivity":{"interactor":{"secret":"[[REDACTED]]","id":"U03SV4BFTJP"},"interactivity_pointer":"7323025435029.3290231583797.b4a081dcb5a60882b1eea4d00e4dbc28"}},"type":"interactive","accepts_response_payload":false}

Reviewers

The changes from this branch can be tested with a new app:

$ npm install
$ npm run build  # Build this branch
$ cd ~/bolt-js
$ npm install ~/path/to/node-slack-sdk/packages/socket-mode
$ npm ls
├── @slack/[email protected] -> ./../node-slack-sdk/packages/socket-mode
$ npm run build  # Build bolt
$ cd
$ slack create example --template slack-samples/bolt-js-custom-function-template
$ cd example
$ npm install ~/path/to/bolt-js
$ npm ls
├── @slack/[email protected] -> ./../../tools/bolt-js
$ slack run

Then add the included "Sample function" to a workflow and inspect logs for [[REDACTED]] values!

Notes

  • Similar changes are applied to both socket-mode@latest on main and the [email protected] branch to backport for Bolt JS.

Requirements
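As an added example (not node-slack-sdk's own code) of the redaction this PR describes: a JavaScript helper that deep-copies a parsed Socket Mode envelope, replaces the value of every `bot_access_token` and `secret` key with `[[REDACTED]]`, and formats the result for a debug line, leaving the original object intact so the app still receives the real token. The key list, the sample envelope, and the function names are assumptions; the placeholder string matches the one shown in the preview above.

```javascript
// Added example, not code from node-slack-sdk. It shows the idea behind the PR:
// scrub secrets from a copy of the envelope before it reaches a debug log.
const REDACTED = '[[REDACTED]]';

// Key names whose values must never be logged. Assumed from the PR text:
// the ephemeral bot_access_token and the interactor secret.
const SENSITIVE_KEYS = new Set(['bot_access_token', 'secret']);

// Return a deep copy of `value` with every sensitive key's value replaced.
// Arrays and nested objects are walked recursively; primitives pass through.
function redactSecrets(value) {
  if (Array.isArray(value)) return value.map(redactSecrets);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.has(key) ? REDACTED : redactSecrets(child);
    }
    return out;
  }
  return value;
}

// Build the debug line for a raw WebSocket frame. A frame that is not JSON
// has no structure to redact and is passed through unchanged.
function formatForDebugLog(rawMessage) {
  let parsed;
  try {
    parsed = JSON.parse(rawMessage);
  } catch (_) {
    return `Received a message on the WebSocket: ${rawMessage}`;
  }
  return `Received a message on the WebSocket: ${JSON.stringify(redactSecrets(parsed))}`;
}

// Check used by a test suite: does any known plaintext secret survive in the line?
function leaksAny(logLine, plaintextSecrets) {
  return plaintextSecrets.some((s) => logLine.includes(s));
}

// Constructed sample envelope modelled on the PR preview; all values are made up.
const SAMPLE_ENVELOPE = JSON.stringify({
  envelope_id: 'example-envelope-id',
  payload: {
    type: 'block_actions',
    bot_access_token: 'xwfp-example-001',
    function_data: {
      execution_id: 'Fx-example',
      function: { callback_id: 'sample_function' },
    },
    interactivity: {
      interactor: { secret: 'someothervalue', id: 'U-example' },
      interactivity_pointer: 'example-pointer',
    },
  },
  type: 'interactive',
});

console.log(formatForDebugLog(SAMPLE_ENVELOPE));
```

The copy-then-redact approach matters: mutating the parsed envelope in place would strip the token the app needs for its own API calls, so the redacted object exists only for the logger.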

@zimeg zimeg added labels bug (M-T: A confirmed bug report. Issues are confirmed when the reproduction steps are documented), semver:patch, security, pkg:socket-mode (applies to `@slack/socket-mode`), release on Jun 25, 2024
@zimeg zimeg added this to the [email protected] milestone Jun 25, 2024
@zimeg zimeg self-assigned this Jun 25, 2024
@zimeg zimeg removed the release label Jun 25, 2024