diff --git a/src/lib/dataGuard.ts b/src/lib/dataGuard.ts index e0d1962..dabef92 100644 --- a/src/lib/dataGuard.ts +++ b/src/lib/dataGuard.ts @@ -40,9 +40,15 @@ const sensitiveContentRegExp = { ssn: /\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b/g, url: /\b(?:https?|ftp):\/\/[a-z0-9-+&@#/%?=~_|!:,.;]*[a-z0-9-+&@#/%=~_|]\b/gi, ipv4: /\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/g, - email: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g, - password: /(?=\S*\d)(?=\S*[A-Za-z])[\w!@#$%^&*()_+=\-,.]{6,}/gm, - passwordFollowingText: /(?<=password:\s*)\S+/gi, + email: /(?<=^|[\s'"-#+.><])[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g, + password: /\b(?=\S*\d)(?=\S*[A-Za-z])[\w!@#$%^&*()_+=\-,.]{6,}\b/gm, + passwordInUri: /(?<=:\/\/[^:]+:)[^@]+?(?=@)/, + // passwordMention: /(?<=.*(password|passwd|pwd)[:\s*]?)[^\s:]+/gi, + passwordMention: /(?<=.*(password|passwd|pwd)(?:\s*:\s*|\s+))\S+/gi, + + // passwordMentionWithColon: /(?<=.*(password|passwd|pwd):\s*)[^\s:]+/gi, + // passwordMentionWithoutColon: /(?<=.*(password|passwd|pwd)\s+)[^\s:]+/gi, + uuid: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\b/gi } as const; diff --git a/tests/masking.test.ts b/tests/masking.test.ts index dc7bcc2..1b7c336 100644 --- a/tests/masking.test.ts +++ b/tests/masking.test.ts @@ -133,7 +133,7 @@ describe('Test all possible masking', () => { 'a dude once exposed his super secret A1vbcvc.De#3435?r password to the world but luckily we could help' ) ).toBe( - 'a dude once exposed his super secret A1***********35?r password to the world but luckily we could help' + 'a dude once exposed his super secret A1***********35?r password ** the world but luckily we could help' ); }); 
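Review bot: `passwordInUri` is the only entry in `sensitiveContentRegExp` declared without the `g` flag, so if `maskString` applies the table uniformly a message carrying two connection URIs gets only its first credential masked (and a `matchAll`-based masker would throw a TypeError on a non-global regex); I would also stop the user part from spanning whitespace, e.g. `passwordInUri: /(?<=:\/\/[^:\s@/]+:)[^@\s]+(?=@)/g,`. The leading `.*` inside the `passwordMention` lookbehind adds nothing — a lookbehind is already unanchored — and only invites backtracking, so `passwordMention: /(?<=(password|passwd|pwd)(?:\s*:\s*|\s+))\S+/gi,` is equivalent and cheaper. Its `\s+` alternative is also what turns "password to the world" into "password ** the world" in the test hunk below, a false positive the commit accepts rather than narrows; at minimum that trade-off deserves a comment on the line, e.g. `// NOTE: masks the first token after a bare password/passwd/pwd mention; will hit ordinary prose too`. In the new `email` lookbehind, `'"-#` is parsed as the range `"`–`#`, not a literal hyphen, which is probably not what was meant — move the dash to the end (`[\s'"#+.><-]`). The two commented-out `passwordMention*` variants are dead code in a production constant and belong in the commit message instead.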
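Review bot: The rewritten expectation `password ** the world` asserts that the ordinary word "to" is masked, so this test now pins a false positive of `passwordMention` instead of guarding against it. Either keep the original expected string and narrow the pattern (require `:`/`=` after the keyword, or a quoted value) or, if masking the token after a bare "password" is the intended behaviour, say so in the test name and add a companion case that documents what is still left unmasked. The enclosing `it(...)` starts before this hunk, so its title is not visible here.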
@@ -180,7 +180,7 @@ describe('Test all possible masking', () => { and my email john.doe@acme.com on the website, a friend recommended ... it can be found under https://www.acme.com/scam?user=john.doe&password=A1vbcvc.De#3435?r`; const result = maskString(fullText); expect(result).toBe( - `I once entered my credit card number 12***************21 and my password A1***********35?r + `I once entered my credit card number 12***************21 and my password A1*************?r and my email jo*************om on the website, a friend recommended ... it can be found under ht**************************************************************?r` ); }); @@ -364,4 +364,17 @@ describe('Test all possible masking', () => { const maskedErrorX = maskData(sensitiveError); expect(maskedErrorX.message).toBe('Sensitive message containing user password: Su****************d!'); }); + + it('should mask any explicit password mentions', () => { + expect(maskString('here is my password: test01!')).toBe('here is my password: te***1!'); + expect(maskString('here is my SecretPassword: test')).toBe('here is my SecretPassword: ****'); + expect(maskString('here is my passwd test')).toBe('here is my passwd ****'); + expect(maskString('here is my pwd test01!')).toBe('here is my pwd te***1!'); + }); + + it('should capture any password in an uri-based string fragment', () => { + expect( + maskString('connection to postgres://dbuser:MySuperSecretPassword@myhost.com successfully established') + ).toBe('connection to postgres://dbuser:My*****************rd@myhost.com successfully established'); + }); });
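Review bot: The new "explicit password mentions" cases are all positive; there is no case showing a line where `password`/`passwd`/`pwd` is followed by a non-secret (a `pwd /home/user` shell transcript or "reset your password today"), so the false-positive surface of the new pattern is untested. The `SecretPassword: test` case passes only because the keyword is matched as a substring inside a longer word (no `\b`), which is worth stating in the test name or a one-line comment so a later tightening of the regex does not look like a regression. The URI test covers one credential per string; add a string with two `scheme://user:pass@host` fragments, which — assuming the masker applies each regex uniformly — exposes that `passwordInUri` lacks the `g` flag. The enclosing `describe` starts outside this hunk.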