Fix errors - ascii in header names, authorization in errors (#246)

2023-04-18 12:09:24 +03:00 · 2023-04-18 12:09:24 +03:00 · e3abf9de71
--- a/.eslintrc.js
+++ b/.eslintrc.js
@ -148,7 +148,7 @@ module.exports = {
        "no-cond-assign": "error",
        "no-console": "error",
        "no-const-assign": "error",
-        "no-control-regex": "error",
+        "no-control-regex": "off",
        "no-debugger": "error",
        "no-delete-var": "error",
        "no-dupe-args": "error",
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## Unreleased
+
+### Fixed
+
+-   Remove authorization header from errors
+-   Escape non-ascii headers to align with the service
+
 ## [5.0.2] - 2023-03-20

 ### Added
--- a/packages/azure-kusto-data/src/client.ts
+++ b/packages/azure-kusto-data/src/client.ts
@ -203,6 +203,11 @@ export class KustoClient {
        timeout: number,
        properties?: ClientRequestProperties | null
    ): Promise<KustoResponseDataSet> {
+        // replace non-ascii characters with ? in headers
+        for (const key of Object.keys(headers)) {
+            headers[key] = headers[key].replace(/[^\x00-\x7F]+/g, "?");
+        }
+
        const axiosConfig = {
            headers,
            timeout,
@ -212,8 +217,13 @@ export class KustoClient {
        try {
            axiosResponse = await this.axiosInstance.post(endpoint, payload, axiosConfig);
        } catch (error: unknown) {
-            if (axios.isAxiosError(error) && error.response) {
-                if (error.response.status === 429) {
+            if (axios.isAxiosError(error)) {
+                // Since it's impossible to modify the error request object, the only way to censor the Authorization header is to remove it.
+                error.request = undefined;
+                if (error?.config?.headers) {
+                    error.config.headers.Authorization = "<REDACTED>";
+                }
+                if (error.response && error.response.status === 429) {
                    throw new ThrottlingError("POST request failed with status 429 (Too Many Requests)", error);
                }
            }
--- a/packages/azure-kusto-ingest/test/e2eTests/e2eTest.ts
+++ b/packages/azure-kusto-ingest/test/e2eTests/e2eTest.ts
@ -34,7 +34,7 @@ const main = (): void => {
    }

    const engineKcsb = ConnectionStringBuilder.withAadApplicationKeyAuthentication(process.env.ENGINE_CONNECTION_STRING ?? "", appId, appKey, tenantId);
-    engineKcsb.applicationNameForTracing = "NodeE2ETest";
+    engineKcsb.applicationNameForTracing = "NodeE2ETest_ø";

    const queryClient = new Client(engineKcsb);
    const streamingIngestClient = new StreamingIngestClient(engineKcsb);
@ -322,6 +322,9 @@ const main = (): void => {
                try {
                    await queryClient.executeQuery(databaseName, "invalidSyntax ");
                } catch (ex) {
+                    const exTyped = ex as { request: unknown; config: { headers: { [k: string]: string } } };
+                    assert.strictEqual(exTyped.request, undefined);
+                    assert.strictEqual(exTyped.config.headers.Authorization, "<REDACTED>");
                    return;
                }
                assert.fail(`General BadRequest`);