fix: redact req.body.body (#2279)

* fix: redact req.body.body * fix: redact res.body
opengovsg · Sep 25, 2024 · 2cc4ccb · 2cc4ccb
1 parent 6e942c2
commit 2cc4ccb
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/backend/src/core/loaders/express.loader.ts b/backend/src/core/loaders/express.loader.ts
@@ -195,7 +195,7 @@ const expressApp = ({ app }: { app: express.Application }): void => {
       winstonInstance: logger,
       ignoredRoutes: ['/'],
       requestWhitelist: ['method', 'url', 'body', 'headers'],
-      responseWhitelist: ['body', 'statusCode'],
+      responseWhitelist: ['statusCode'],
       requestFilter: (req: Request, propName: string) => {
         if (propName === 'headers' && req.headers.authorization) {
           // we do this instead of adding it to `headerBlacklist`
@@ -218,6 +218,11 @@ const expressApp = ({ app }: { app: express.Application }): void => {
             })
           )
         }
+        if (propName === 'body' && req.body.body) {
+          // An example of req.body.body is the email body of an email that a user wishes to send
+          // We should redact such content as it may contain sensitive information
+          req.body.body = '[REDACTED]'
+        }
         return (req as any)[propName]
       },
       metaField: null, // flatten this log to root instead of nesting under `meta`