WIP: Sanitization function that keeps track of parentheses depth

Author: schwma

lib/logger.js

@@ -6,6 +6,25 @@ const LOG = cds.log('graphql')
 
 const _isEmptyObject = o => Object.keys(o).length === 0
 
+const _sanitizeArguments = query => {
+  let result = ''
+  let depth = 0
+
+  for (const char of query) {
+    if (char === '(') {
+      if (depth === 0) result += '( '
+      depth++
+    } else if (char === ')') {
+      depth--
+      if (depth === 0) result += '*** )'
+    } else {
+      if (depth === 0) result += char
+    }
+  }
+
+  return result
+}
+
 const queryLogger = (req, _, next) => {
   let query = req.body?.query || (req.query.query && decodeURIComponent(req.query.query))
   // Only log requests that contain a query
@@ -41,7 +60,7 @@ const queryLogger = (req, _, next) => {
   // If query is multiline string, add newline padding to front
   let formattedQuery = query.includes('\n') ? `\n${query}` : query
   // Sanitize all values between parentheses
-  if (IS_PRODUCTION) formattedQuery = formattedQuery.replace(/\([\s\S]*?\)/g, '( *** )')
+  if (IS_PRODUCTION) formattedQuery = _sanitizeArguments(formattedQuery)
 
   // Don't log undefined values
   LOG.info(...[req.method, formattedQueryInfo, formattedQuery].filter(e => e))