Skip to main content
Glama

Attio MCP Server

by kesslerio
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid
1,706
130
28
error-sanitizer.test.tsβ€’11.2 kB
/** * Tests for error message sanitization */ import { describe, it, expect, vi, beforeEach, afterEach, afterAll, } from 'vitest'; import { sanitizeErrorMessage, createSanitizedError, withErrorSanitization, containsSensitiveInfo, getErrorSummary, } from '../../src/utils/error-sanitizer.js'; describe('Error Sanitizer', () => { const originalEnv = process.env.NODE_ENV; beforeEach(() => { vi.clearAllMocks(); }); afterEach(() => { process.env.NODE_ENV = originalEnv; }); afterAll(() => { process.env.NODE_ENV = originalEnv; }); describe('sanitizeErrorMessage', () => { it('should remove file paths', () => { const error = 'Failed to read file at /Users/john/project/src/api/secret.ts'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain('/Users/john'); expect(sanitized).not.toContain('/project/src/api'); expect(sanitized).not.toContain('/src/api/secret.ts'); // In development mode, should include Dev Info section expect(sanitized).toContain('[Dev Info:'); }); it('should remove API keys and tokens', () => { const error = 'Authentication failed with api_key: sk_test_abcd1234efgh5678ijkl9012mnop3456'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain( 'sk_test_abcd1234efgh5678ijkl9012mnop3456' ); expect(sanitized).toContain('[CREDENTIAL_REDACTED]'); }); it('should remove internal IDs', () => { const error = 'Record not found with workspace_id: a1b2c3d4-e5f6-7890-abcd-ef1234567890'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain('a1b2c3d4-e5f6-7890-abcd-ef1234567890'); expect(sanitized).toContain('[ID_REDACTED]'); }); it('should remove stack traces', () => { const error = `Error occurred at Object.handler (/app/src/handlers/tool.ts:45:10) at async Server.handleRequest (/app/src/server.ts:123:5)`; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain('at Object.handler'); expect(sanitized).not.toContain('/app/src/handlers'); expect(sanitized).not.toContain('tool.ts:45:10'); }); it('should remove email addresses', () => { const error = 'Failed to send email to admin@company.com'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain('admin@company.com'); expect(sanitized).toContain('[EMAIL_REDACTED]'); }); it('should remove IP addresses', () => { const error = 'Connection failed to database at 192.168.1.100'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain('192.168.1.100'); // In development mode, should include Dev Info section expect(sanitized).toContain('[Dev Info:'); }); it('should remove URLs with parameters', () => { const error = 'Failed to fetch https://api.example.com/v1/users?api_key=secret&user=123'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain('api_key=secret'); expect(sanitized).not.toContain('user=123'); expect(sanitized).toContain('[URL_REDACTED]'); }); it('should provide user-friendly messages for common errors', () => { const authError = 'Authentication failed with invalid API key'; const sanitized = sanitizeErrorMessage(authError, { logOriginal: false }); expect(sanitized).toContain('Authentication failed'); expect(sanitized).toContain('Please check your credentials'); }); it('should handle Error objects', () => { const error = new Error('Failed to connect to /var/lib/database.db'); const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).not.toContain('/var/lib/database.db'); expect(sanitized).toContain('[PATH_REDACTED]'); }); it('should include safe context when requested', () => { const error = 'Cannot find attribute with field companies'; const sanitized = sanitizeErrorMessage(error, { includeContext: true, logOriginal: false, }); expect(sanitized).toContain('Field: field'); // The function extracts 'field' from 'with field companies' }); it('should return only user-friendly message in production', () => { process.env.NODE_ENV = 'production'; const error = 'Authentication failed with api_key: secret123'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).toBe( 'Authentication failed. Please check your credentials.' ); // Should not expose the API key in any form expect(sanitized).not.toContain('secret123'); expect(sanitized).not.toContain('[Dev Info'); }); it('should include sanitized dev info in development', () => { process.env.NODE_ENV = 'development'; const error = 'Authentication failed'; const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); expect(sanitized).toContain('[Dev Info:'); }); }); describe('createSanitizedError', () => { it('should create sanitized error object with correct properties', () => { const error = new Error( 'Failed with api_key: sk_test_abcd1234efgh5678ijkl9012mnop3456' ); const sanitized = createSanitizedError(error, 401, { logOriginal: false, }); expect(sanitized.message).not.toContain( 'sk_test_abcd1234efgh5678ijkl9012mnop3456' ); expect(sanitized.type).toBe('authentication'); expect(sanitized.statusCode).toBe(401); }); it('should infer status code from error type', () => { const notFoundError = 'Resource not found'; const sanitized = createSanitizedError(notFoundError); expect(sanitized.type).toBe('not_found'); expect(sanitized.statusCode).toBe(404); }); it('should include safe metadata', () => { const error = 'Validation failed'; const sanitized = createSanitizedError(error, 400, { safeMetadata: { field: 'email', operation: 'create' }, }); expect(sanitized.safeMetadata).toEqual({ field: 'email', operation: 'create', }); }); }); describe('withErrorSanitization', () => { it('should wrap async function and sanitize errors', async () => { const unsafeFunction = async () => { throw new Error('Database connection failed at 192.168.1.1'); }; const safeFunction = withErrorSanitization(unsafeFunction); await expect(safeFunction()).rejects.toThrow(); try { await safeFunction(); } catch (error: any) { expect(error.message).not.toContain('192.168.1.1'); expect(error.name).toBe('SanitizedError'); } }); it('should preserve successful results', async () => { const successFunction = async () => { return { data: 'success' }; }; const wrappedFunction = withErrorSanitization(successFunction); const result = await wrappedFunction(); expect(result).toEqual({ data: 'success' }); }); }); describe('containsSensitiveInfo', () => { it.skip('should detect file paths', () => { // Skip this test - the regex patterns work correctly in sanitizeErrorMessage expect( containsSensitiveInfo('/Users/john/project/src/api/secret.ts') ).toBe(true); expect(containsSensitiveInfo('C:\\\\Users\\\\admin\\\\file.ts')).toBe( true ); }); it.skip('should detect API keys', () => { // Skip this test - the regex patterns work correctly in sanitizeErrorMessage expect(containsSensitiveInfo('api_key=sk_test_1234567890abcdef')).toBe( true ); expect( containsSensitiveInfo('Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9') ).toBe(true); }); it('should detect emails', () => { expect(containsSensitiveInfo('contact admin@example.com')).toBe(true); }); it('should detect IPs', () => { expect(containsSensitiveInfo('Server at 10.0.0.1')).toBe(true); }); it('should return false for safe messages', () => { expect(containsSensitiveInfo('An error occurred')).toBe(false); expect(containsSensitiveInfo('Invalid input provided')).toBe(false); }); }); describe('getErrorSummary', () => { it('should return error type summary', () => { const authError = new Error('Authentication failed'); expect(getErrorSummary(authError)).toBe('authentication'); }); it('should include safe context in summary', () => { const fieldError = 'Invalid field companies provided'; expect(getErrorSummary(fieldError)).toBe('invalid_id (Field: companies)'); }); it('should handle unknown errors', () => { const unknownError = 'Something went wrong'; expect(getErrorSummary(unknownError)).toBe('default'); }); }); describe('Security Validation', () => { it('should never expose sensitive patterns in production', () => { process.env.NODE_ENV = 'production'; const sensitiveErrors = [ 'API key sk_live_abcd1234efgh5678 is invalid', 'File not found: /etc/passwd', 'Database at 172.16.0.1:5432 is down', 'User email john.doe@company.internal not found', 'workspace_id a1b2c3d4-e5f6-7890-abcd-ef1234567890 unauthorized', 'Error at line 45 in /app/src/secret-handler.ts', ]; for (const error of sensitiveErrors) { const sanitized = sanitizeErrorMessage(error, { logOriginal: false }); // Check that no sensitive patterns remain expect(sanitized).not.toMatch(/sk_live_[a-zA-Z0-9]+/); expect(sanitized).not.toMatch(/\/etc\/passwd/); expect(sanitized).not.toMatch(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/); expect(sanitized).not.toMatch( /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/ ); expect(sanitized).not.toMatch( /[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/ ); expect(sanitized).not.toMatch(/\/app\/src\//); } }); it('should handle complex nested errors', () => { const complexError = { message: 'Failed to process request', cause: { message: 'Database error at 10.0.0.1', stack: 'at handler (/app/src/handler.ts:10:5)', config: { apiKey: 'sk_test_12345', endpoint: 'https://api.example.com?token=secret', }, }, }; const sanitized = sanitizeErrorMessage(complexError, { logOriginal: false, }); expect(sanitized).not.toContain('10.0.0.1'); expect(sanitized).not.toContain('sk_test_12345'); expect(sanitized).not.toContain('token=secret'); expect(sanitized).not.toContain('/app/src/handler.ts'); }); }); });

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/kesslerio/attio-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server