Skip to content

Commit

Permalink
fixed issue #8 and bumped version to 1.1.3
Browse files Browse the repository at this point in the history
  • Loading branch information
slippyex committed May 17, 2024
1 parent db8c3f7 commit 615b7f0
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 3 deletions.
24 changes: 21 additions & 3 deletions src/lib/dataGuard.ts
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,10 @@ const sensitiveContentRegExp = {
passwordMention: /(?<=.*(password|passwd|pwd)(?:\s*:\s*|\s+))\S+/gi
} as const;

const SKIP_MASKING_PATTERN = /##([^#]*)##/g;

function maskSensitiveValue(value: string, options: Partial<IMaskDataOptions>): string {
const skipMaskingPattern = /##([^#]*)##/g; // Pattern to match content that should not be masked
const skipMaskingPattern = SKIP_MASKING_PATTERN; // Pattern to match content that should not be masked
const maskLength = options?.maskLength || value.length - 4;
const maskingChar = options?.maskingChar || '*';
// Skip masking if the entire value is wrapped in '##'
Expand Down Expand Up @@ -97,7 +99,7 @@ function maskSensitiveContent(
options?: Partial<IMaskDataOptions>
): string {
const allPatterns = { ...defaultPatterns, ...customPatterns };
const skipMaskingPattern = /##([^#]*)##/g; // Pattern to match content that should not be masked
const skipMaskingPattern = SKIP_MASKING_PATTERN; // Pattern to match content that should not be masked

const applyPatternMasking = (currentValue: string, pattern: RegExp): string => {
let result = '';
Expand Down Expand Up @@ -190,6 +192,21 @@ export function maskString(

if (!value || value.length === 0) return value;

// try to mask a stringified object correctly
if (value.startsWith('{') && value.endsWith('}')) {
let parsed: unknown;
try {
// if the provided string is nothing else but a stringified object,
// parse it back to object, mask and stringify it again
// ref issue: https://github.com/slippyex/data-guardian/issues/8
parsed = JSON.parse(value);
const resulting = maskData(parsed);
return JSON.stringify(resulting);
} catch (err) {
// ignore error
}
}

// Check if the content is marked to be unmasked
const { isUnmasked, content } = unmaskContent(value);
if (isUnmasked) {
Expand All @@ -199,7 +216,8 @@ export function maskString(
if (!types) types = Object.keys(sensitiveContentRegExp) as SensitiveContentKey[];
if (!customSensitiveContentRegExp) customSensitiveContentRegExp = {};
if (options?.excludeMatchers) {
types = types.filter(t => !options.excludeMatchers.includes(t));
const excludeMatchersSet = new Set(options.excludeMatchers);
types = types.filter(t => !excludeMatchersSet.has(t));
}

const applicablePatterns = types.reduce(
Expand Down
5 changes: 5 additions & 0 deletions tests/masking.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -431,4 +431,9 @@ describe('Test all possible masking', () => {
it('sucks', () => {
console.log(maskString('connection to postgres://dbuser:SuperSecretPassword!@localhost:5432/mydb established'));
});

it('should mask a stringified object correctly', () => {
const data = '{"username":"myuser","password":"something"}';
expect(maskString(data)).toBe('{"username":"myuser","password":"so*****ng"}');
});
});

0 comments on commit 615b7f0

Please # to comment.