slackapi · zimeg · Jun 25, 2024 · Jun 25, 2024 · Jun 25, 2024 · Jun 25, 2024
diff --git a/packages/socket-mode/package.json b/packages/socket-mode/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@slack/socket-mode",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Official library for using the Slack Platform's Socket Mode API",
   "author": "Slack Technologies, LLC",
   "license": "MIT",

diff --git a/packages/socket-mode/src/SocketModeClient.spec.ts b/packages/socket-mode/src/SocketModeClient.spec.ts
@@ -275,6 +275,95 @@ describe('SocketModeClient', () => {
         assert.equal(passedEnvelopeId, envelopeId);
       });
     });
+
+    describe('redact', () => {
+      let spies: sinon.SinonSpy;
+
+      beforeEach(() => {
+        spies = sinon.spy();
+      });
+
+      afterEach(() => {
+        sinon.reset();
+      });
+
+      it('should remove tokens and secrets from incoming messages', async () => {
+        const logger = new ConsoleLogger();
+        logger.debug = spies;
+        const client = new SocketModeClient({
+          appToken: 'xapp-example-001',
+          logger,
+        });
+
+        const input = {
+          type: 'hello',
+          payload: {
+            example: '12',
+            token: 'xoxb-example-001',
+            event: {
+              bot_access_token: 'xwfp-redaction-001',
+            },
+            values: {
+              secret: 'abcdef',
+            },
+            inputs: [
+              { id: 'example', mock: 'testing' },
+              { id: 'mocking', mock: 'testure' },
+            ],
+          },
+        };
+        const expected = {
+          type: 'hello',
+          payload: {
+            example: '12',
+            token: '[[REDACTED]]',
+            event: {
+              bot_access_token: '[[REDACTED]]',
+            },
+            values: {
+              secret: '[[REDACTED]]',
+            },
+            inputs: [
+              { id: 'example', mock: 'testing' },
+              { id: 'mocking', mock: 'testure' },
+            ],
+          },
+        };
+
+        client.emit('message', JSON.stringify(input));
+        assert(spies.called);
+        assert(spies.calledWith(`Received a message on the WebSocket: ${JSON.stringify(expected)}`));
+      });
+
+      it('should respond with undefined when attempting to redact undefined', async () => {
+        const logger = new ConsoleLogger();
+        logger.debug = spies;
+        const client = new SocketModeClient({
+          appToken: 'xapp-example-001',
+          logger,
+        });
+
+        const input = undefined;
+
+        client.emit('message', JSON.stringify(input));
+        assert(spies.called);
+        assert(spies.calledWith('Received a message on the WebSocket: undefined'));
+      });
+
+      it('should print the incoming data if parsing errors happen', async () => {
+        const logger = new ConsoleLogger();
+        logger.debug = spies;
+        logger.error = spies;
+        const client = new SocketModeClient({
+          appToken: 'xapp-example-001',
+          logger,
+        });
+
+        client.emit('message', '{"number":');
+        assert(spies.called);
+        assert(spies.calledWith('Received a message on the WebSocket: {"number":'));
+      });
+    });
   });
 });
 

diff --git a/packages/socket-mode/src/SocketModeClient.ts b/packages/socket-mode/src/SocketModeClient.ts
@@ -284,8 +284,6 @@
       this.logger.debug('Unexpected binary message received, ignoring.');
       return;
     }
-    const payload = data.toString();
-    this.logger.debug(`Received a message on the WebSocket: ${payload}`);
 
     // Parse message into slack event
     let event: {
@@ -299,10 +297,13 @@
       accepts_response_payload?: boolean; // type: events_api, slash_commands, interactive
     };
 
+    const payload = data?.toString();
     try {
       event = JSON.parse(payload);
+      this.logger.debug(`Received a message on the WebSocket: ${JSON.stringify(SocketModeClient.redact(event))}`);
     } catch (parseError) {
       // Prevent application from crashing on a bad message, but log an error to bring attention
+      this.logger.debug(`Received a message on the WebSocket: ${payload}`);
       this.logger.debug(
         `Unable to parse an incoming WebSocket message (will ignore): ${parseError}, ${payload}`,
       );
@@ -325,7 +326,7 @@
     // Define Ack, a helper method for acknowledging events incoming from Slack
     const ack = async (response: Record<string, unknown>): Promise<void> => {
       if (this.logger.getLevel() === LogLevel.DEBUG) {
-        this.logger.debug(`Calling ack() - type: ${event.type}, envelope_id: ${event.envelope_id}, data: ${JSON.stringify(response)}`);
+        this.logger.debug(`Calling ack() - type: ${event.type}, envelope_id: ${event.envelope_id}, data: ${JSON.stringify(SocketModeClient.redact(response))}`);
       }
       await this.send(event.envelope_id, response);
     };
@@ -386,9 +387,8 @@
       } else {
         this.emit('outgoing_message', message);
 
-        const flatMessage = JSON.stringify(message);
-        this.logger.debug(`Sending a WebSocket message: ${flatMessage}`);
-        this.websocket.send(flatMessage, (error) => {
+        this.logger.debug(`Sending a WebSocket message: ${JSON.stringify(SocketModeClient.redact(message))}`);
+        this.websocket.send(JSON.stringify(message), (error) => {
           if (error) {
             this.logger.error(`Failed to send a WebSocket message (error: ${error})`);
             return reject(websocketErrorWithOriginal(error));
@@ -398,6 +398,37 @@
       }
     });
   }
+
+  /**
+   * Removes secrets and tokens from socket request and response objects
+   * before logging.
+   * @param body - the object with values for redaction.
+   * @returns the same object with redacted values.
+   */
+  private static redact(body?: Record<string, unknown>): Record<string, unknown> | unknown[] | undefined {
+    if (body === undefined || body === null) {
+      return body;
+    }
+    const records = Object.create(body);
+    if (Array.isArray(body)) {
+      return body.map((item) => (
+        (typeof item === 'object' && item !== null) ?
+          SocketModeClient.redact(item as Record<string, unknown>) :
+          item
+      ));
+    }
+    Object.keys(body).forEach((key: string) => {
+      const value = body[key];
+      if (typeof value === 'object' && value !== null) {
+        records[key] = SocketModeClient.redact(value as Record<string, unknown>);
+      } else if (key.match(/.*token.*/) !== null || key.match(/secret/)) {
+        records[key] = '[[REDACTED]]';
+      } else {
+        records[key] = value;
+      }
+    });
+    return records;
+  }
 }
 
 /* Instrumentation */