(Because I couldn't find the actual pizza-logger repository, this was the next best place I could find to report the issue.)
Overview
During sanitization, the replacement REGEX incorrectly replaces an equals sign = with a colon character :.
This will not affect the runtime behavior of any dependent applications, but it could affect the way the logs are viewed. The wrong JS syntax could cause the JSON parser to mess up or display unexpected results in a dashboard context.
Source Code Snippet
// pizza-logger/index.js:55
sanitize(logData) {
  logData = JSON.stringify(logData);
  logData = logData.replace(/\\"password\\":\s*\\"[^"]*\\"/g, '\\"password\\": \\"*****\\"');
  logData = logData.replace(/\\password\\=\s*\\"[^"]*\\"/g, '\\"password\\": \\"*****\\"'); // Bug on this line replace = with :
  return logData;
}
Proposed solution No. 1 (simple)
Simply replace the colon : with an equals sign = to preserve the JS syntax.
// pizza-logger/index.js:55
sanitize(logData) {
  logData = JSON.stringify(logData);
  logData = logData.replace(/\\"password\\":\s*\\"[^"]*\\"/g, '\\"password\\": \\"*****\\"');
  logData = logData.replace(/\\password\\=\s*\\"[^"]*\\"/g, '\\password\\= \\"*****\\"'); // Bug on this line replace = with :
  return logData;
}
Proposed solution No. 2 (preferred)
Generalize the REGEX to do both replacements in one line. Use capturing groups to preserve important variations like (:/=).
I cannot propose a solution here because I'm personally confused by the differences in the double quotes and backslashes. The more I look at the code samples, I think the second line is simply unnecessary (I don't think the backslashed double-quote characters are actually behaving as intended).
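One way to write the single generalized expression that solution No. 2 describes, as an added example (not part of the original issue and not pizza-logger's code). It goes slightly beyond the snippet by also accepting a bare `password` key and values that contain escaped quotes; `MASK`, `maskPasswords` and the sample log object are assumptions made for illustration.

```javascript
// Added example: MASK, maskPasswords and the sample input are hypothetical
// names and constructed data, not pizza-logger's code.
const MASK = '*****';

// In the text produced by JSON.stringify, a quote that was inside a string
// value appears as \" (backslash + quote). Pieces of the pattern:
const KEY = String.raw`\\?"?password\\?"?`; // \"password\", \password\ or bare password (assumed)
const SEP = String.raw`\s*[:=]\s*`;          // ':' or '=', with any spacing around it
const QUOTE = String.raw`\\"`;               // the escaped quote delimiting the value
// Value body: plain characters, or an escape from the inner string, which
// after the outer stringify reads \\ followed by \", \\ or a plain character.
const BODY = String.raw`(?:[^"\\]|\\\\(?:\\["\\]|[^"\\]))*`;

// Group 1 holds key, separator and spacing exactly as logged, so '=' stays '='.
const PASSWORD_RE = new RegExp(`(${KEY}${SEP})${QUOTE}${BODY}${QUOTE}`, 'g');

function maskPasswords(text) {
  return text.replace(PASSWORD_RE, `$1\\"${MASK}\\"`);
}

function sanitize(logData) {
  return maskPasswords(JSON.stringify(logData));
}

// Constructed sample: a request body logged as a JSON string, and a
// key=value string, both nested inside the log object.
const sample = {
  reqBody: JSON.stringify({ email: 'a@example.com', password: 'pa"zz' }),
  query: 'UPDATE user SET password="hunter2" WHERE id=1',
};
console.log(sanitize(sample));
```

A `password` key at the top level of `logData` is serialized as `"password":"..."` with no backslashes, so neither this pattern nor the two expressions in the snippet match it; such fields need to be masked on the object before `JSON.stringify` is called.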