From 3f7db15fde6fffc5e7052151cb849f21f321ddb8 Mon Sep 17 00:00:00 2001
From: Asher <ash@coder.com>
Date: Thu, 4 May 2023 10:54:41 -0800
Subject: [PATCH] Redact sensitive args from handshake debug log

---
 src/node/cli.ts     | 17 ++++++++++++-----
 src/node/wrapper.ts | 12 +++++++++---
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/node/cli.ts b/src/node/cli.ts
index 18929faa0..eab083ab5 100644
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -435,15 +435,22 @@ export const parse = (
 
   logger.debug(() => [
     `parsed ${opts?.configFile ? "config" : "command line"}`,
-    field("args", {
+    field("args", redactArgs(args)),
+  ])
+
+  return args
+}
+
+/**
+ * Redact sensitive information from arguments for logging.
+ */
+export const redactArgs = (args: UserProvidedArgs): UserProvidedArgs => {
+  return {
       ...args,
       password: args.password ? "<redacted>" : undefined,
       "hashed-password": args["hashed-password"] ? "<redacted>" : undefined,
       "github-auth": args["github-auth"] ? "<redacted>" : undefined,
-    }),
-  ])
-
-  return args
+    }
 }
 
 /**
diff --git a/src/node/wrapper.ts b/src/node/wrapper.ts
index 7cc30eef8..4b8a61be7 100644
--- a/src/node/wrapper.ts
+++ b/src/node/wrapper.ts
@@ -3,7 +3,7 @@ import * as cp from "child_process"
 import * as path from "path"
 import * as rfs from "rotating-file-stream"
 import { Emitter } from "../common/emitter"
-import { DefaultedArgs } from "./cli"
+import { DefaultedArgs, redactArgs } from "./cli"
 import { paths } from "./util"
 
 const timeoutInterval = 10000 // 10s, matches VS Code's timeouts.
@@ -44,10 +44,11 @@ export function onMessage<M, T extends M>(
     }
 
     const onMessage = (message: M) => {
-      ;(customLogger || logger).debug("got message", field("message", message))
       if (fn(message)) {
         cleanup()
         resolve(message)
+      } else {
+        ;(customLogger || logger).debug("got unhandled message", field("message", message))
       }
     }
 
@@ -181,6 +182,10 @@ export class ChildProcess extends Process {
       },
       this.logger,
     )
+    this.logger.debug("got message", field("message", {
+      type: message.type,
+      args: redactArgs(message.args),
+    }))
     return message.args
   }
 
@@ -339,13 +344,14 @@ export class ParentProcess extends Process {
     if (!this.args) {
       throw new Error("started without args")
     }
-    await onMessage<ChildMessage, ChildHandshakeMessage>(
+    const message = await onMessage<ChildMessage, ChildHandshakeMessage>(
       child,
       (message): message is ChildHandshakeMessage => {
         return message.type === "handshake"
       },
       this.logger,
     )
+    this.logger.debug("got message", field("message", message))
     this.send(child, { type: "handshake", args: this.args })
   }