fix: don't stringify JSON for logging

Previously, some logging calls would stringify a JSON structure
before writing it to the log. This is incorrect, and makes for
some awkward logs when reaching. Instead, if you include a message
field in your struct, then it will get printed while the other
fields are printed as structured information in the log.

So this updates logging calls throughout the application to
do the correct thing.

Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>

Author: alilleybrinker

src/controller/cve-id.controller/cve-id.controller.js

@@ -578,9 +578,9 @@ async function sequentialReservation (year, amount, shortName, orgShortName, req
     isFull = true
 
     if (isPriority) {
-      logger.error(JSON.stringify({ message: 'The cve id priority and sequential blocks are full for year ' + year + '. No more priority or sequential ids can be reserved at this time.' }))
+      logger.error({ message: 'The cve id priority and sequential blocks are full for year ' + year + '. No more priority or sequential ids can be reserved at this time.' })
     } else {
-      logger.error(JSON.stringify({ message: 'The cve id sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' }))
+      logger.error({ message: 'The cve id sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' })
     }
 
     res.header(CONSTANTS.QUOTA_HEADER, availableIds)
@@ -688,7 +688,7 @@ async function nonSequentialReservation (year, amount, shortName, orgShortName,
     isFull = result.isFull
 
     if (isFull) {
-      logger.error(JSON.stringify({ message: 'The cve id non-sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' }))
+      logger.error({ message: 'The cve id non-sequential block is full for year ' + year + '. No more sequential ids can be reserved at this time.' })
       res.header(CONSTANTS.QUOTA_HEADER, availableIds)
       return res.status(403).json(error.yearRangeFull(year))
     }

src/controller/cve.controller/cve.controller.js

@@ -552,7 +552,7 @@ async function submitCna (req, res, next) {
     result = Cve.validateCveRecord(cveModel.cve)
 
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
 
@@ -658,7 +658,7 @@ async function updateCna (req, res, next) {
     result = Cve.validateCveRecord(cveModel.cve)
 
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
 
@@ -730,7 +730,7 @@ async function rejectCVE (req, res, next) {
 
     result = Cve.validateCveRecord(newCveObj.cve)
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
 
@@ -805,7 +805,7 @@ async function rejectExistingCve (req, res, next) {
 
     result = Cve.validateCveRecord(updatedCve.cve)
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.invalidCnaContainerJsonSchema(result.errors))
     }
     result = await cveRepo.updateByCveId(id, updatedCve)
@@ -916,7 +916,7 @@ async function insertAdp (req, res, next) {
     const cveModel = new Cve({ cve: convertDatesToISO(cveRecord, CONSTANTS.DATE_FIELDS) })
     result = Cve.validateCveRecord(cveModel.cve)
     if (!result.isValid) {
-      logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+      logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
       return res.status(400).json(error.badAdpJson(result.errors))
     }
 

src/controller/cve.controller/cve.middleware.js

@@ -134,7 +134,7 @@ function validateCveCnaContainerJsonSchema (req, res, next) {
   const cnaContainer = req.body
   const result = validateCnaContainer(cnaContainer)
   if (!result) {
-    logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+    logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
     const temp = validateCnaContainer.errors
     const errorsArray = []
     temp.forEach((error) => {
@@ -144,7 +144,7 @@ function validateCveCnaContainerJsonSchema (req, res, next) {
     })
     return res.status(400).json(error.invalidCnaContainerJsonSchema(errorsArray))
   }
-  logger.info(JSON.stringify({ uuid: req.ctx.uuid, message: 'SUCCESSFUL CVE JSON schema validation.' }))
+  logger.info({ uuid: req.ctx.uuid, message: 'SUCCESSFUL CVE JSON schema validation.' })
   next()
 }
 

src/controller/org.controller/org.controller.js

@@ -239,7 +239,7 @@ async function createOrg (req, res, next) {
         // If we are creating an org via the registry flag, we can do a full validation.
         const result = await repo.validateOrg(body, { session })
         if (!result.isValid) {
-          logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+          logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
           await session.abortTransaction()
           if (!Array.isArray(body?.authority) || body?.authority.some(item => typeof item !== 'string')) {
             return res.status(400).json({ error: 'BAD_INPUT', message: 'Parameters were invalid', details: [{ param: 'authority', msg: 'Parameter must be a one-dimensional array of strings' }] })
@@ -401,7 +401,7 @@ async function createUser (req, res, next) {
           return res.status(400).json({ message: 'Parameters were invalid', details: [{ param: 'role', msg: `Role must be one of the following: ${constants.USER_ROLES}` }] })
         }
         if (!result.isValid) {
-          logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' }))
+          logger.error({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' })
           await session.abortTransaction()
           return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
         }

src/controller/registry-org.controller/registry-org.controller.js

@@ -132,7 +132,7 @@ async function createOrg (req, res, next) {
       session.startTransaction()
       const result = repo.validateOrg(body, { session })
       if (!result.isValid) {
-        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+        logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
         await session.abortTransaction()
 
         // TODO: Investigate this, right now we are accepting either a one one-dimensional array of strings or just a string.
@@ -267,7 +267,7 @@ async function updateOrg (req, res, next) {
 
       const result = repo.validateOrg(body, { session })
       if (!result.isValid) {
-        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+        logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
         await session.abortTransaction()
         return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
       }
@@ -482,7 +482,7 @@ async function createUserByOrg (req, res, next) {
         return res.status(400).json({ message: 'Parameters were invalid', details: [{ param: 'role', msg: 'Parameter must be a string' }] })
       }
       if (!result.isValid) {
-        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' }))
+        logger.error({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' })
         await session.abortTransaction()
         return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
       }

src/controller/registry-user.controller/registry-user.controller.js

@@ -82,7 +82,7 @@ async function createUser (req, res, next) {
         return res.status(400).json({ message: 'Parameters were invalid', details: [{ param: 'role', msg: 'Parameter must be a string' }] })
       }
       if (!result.isValid) {
-        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' }))
+        logger.error({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' })
         await session.abortTransaction()
         return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
       }
@@ -136,7 +136,7 @@ async function updateUser (req, res, next) {
         return res.status(400).json({ message: 'Parameters were invalid', details: [{ param: 'role', msg: 'Parameter must be a string' }] })
       }
       if (!result.isValid) {
-        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' }))
+        logger.error({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' })
         await session.abortTransaction()
         return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
       }

src/middleware/middleware.js

@@ -32,7 +32,12 @@ function createCtxAndReqUUID (req, res, next) {
       repositories: new RepositoryFactory()
     }
 
-    logger.info(JSON.stringify({ uuid: req.ctx.uuid, path: req.path }))
+    logger.info({
+      message: 'setting up req context',
+      uuid: req.ctx.uuid,
+      path: req.path
+    })
+
     next()
   } catch (err) {
     next(err)
@@ -129,18 +134,18 @@ async function validateUser (req, res, next) {
 
     const result = await userRepo.findOneByUserNameAndOrgUUID(user, orgUUID)
     if (!result) {
-      logger.warn(JSON.stringify({ uuid: req.ctx.uuid, message: 'User not found. User authentication FAILED for ' + user }))
+      logger.warn({ uuid: req.ctx.uuid, message: 'User not found. User authentication FAILED for ' + user })
       return res.status(401).json(error.unauthorized())
     }
 
     if (result.active === false || result.status === 'inactive') {
-      logger.warn(JSON.stringify({ uuid: req.ctx.uuid, message: 'User deactivated. Authentication failed for ' + user }))
+      logger.warn({ uuid: req.ctx.uuid, message: 'User deactivated. Authentication failed for ' + user })
       return res.status(401).json(error.unauthorized())
     }
 
     const isPwd = await argon2.verify(result.secret, key)
     if (!isPwd) {
-      logger.warn(JSON.stringify({ uuid: req.ctx.uuid, message: 'Incorrect apikey. User authentication FAILED for ' + user }))
+      logger.warn({ uuid: req.ctx.uuid, message: 'Incorrect apikey. User authentication FAILED for ' + user })
       return res.status(401).json(error.unauthorized())
     }
 
@@ -345,7 +350,7 @@ function validateCveJsonSchema (req, res, next) {
   }
 
   if (cveState === undefined) {
-    logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+    logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
     return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata is not defined']))
   }
   cveState = cveState.state
@@ -356,15 +361,15 @@ function validateCveJsonSchema (req, res, next) {
   if (['PUBLISHED', 'RESERVED', 'REJECTED'].includes(cveState)) {
     result = validate(cve)
   } else {
-    logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+    logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
     return res.status(400).json(error.invalidJsonSchema(['instance.cveMetadata.state is not one of enum values']))
   }
 
   if (result) {
-    logger.info(JSON.stringify({ uuid: req.ctx.uuid, message: 'SUCCESSFUL CVE JSON schema validation.' }))
+    logger.info({ uuid: req.ctx.uuid, message: 'SUCCESSFUL CVE JSON schema validation.' })
     next()
   } else {
-    logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+    logger.error({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })
     const temp = validate.errors
     const errors = []
     temp.forEach((error) => {