-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathsecure-log-data.js
69 lines (62 loc) · 1.66 KB
/
secure-log-data.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
const traverse = require('traverse');
const SENSITIVE = [
'x-credentials',
'credentials',
'authorization',
'password',
'pwd',
'pass',
'x-token',
'token',
'security_token'
];
// if the path is 'foo.bar.key' then put the following in the map:
// key: 'foo.bar'
const SENSATIVE_PATH = {
user: 'auth'
};
const TOKEN = /token=[^;]*/;
const TOKEN_ENC = /token%3[^&]*/;
function sanitize({ sensitiveKeys = [] } = {}) {
sensitiveKeys = sensitiveKeys.map(key => key.toLowerCase()).concat(SENSITIVE);
return function (val) {
if (!this.isLeaf || !val) {
return;
} else if (
schemaError(this.key, this.parent && this.parent.node, sensitiveKeys) ||
sensitiveKeys.indexOf(this.key.toLowerCase()) !== -1 ||
isSensativePath(this.key, this.parent && this.parent.path)) {
this.update('***');
} else if (typeof val === 'string') {
if (TOKEN.test(val)) {
this.update(val.replace(TOKEN, 'token=***'));
} else if (TOKEN_ENC.test(val)) {
this.update(val.replace(TOKEN_ENC, 'token%3***'));
}
}
};
}
function isSensativePath(key, path) {
if (!SENSATIVE_PATH[key] || !path || path.length < 1) {
return false;
}
const sensativePath = SENSATIVE_PATH[key];
let partialPath;
for (let i = path.length; i >= 0; i--) {
const previousPath = partialPath ? `${partialPath}.` : '';
if (`${previousPath}${path[i]}` === sensativePath) {
return true;
}
}
return false;
}
function schemaError(key, obj, sensitive) {
return key === 'value' &&
obj &&
obj.message &&
typeof obj.property === 'string' &&
sensitive.indexOf(obj.property.toLowerCase()) !== -1;
}
module.exports = function(data, options = {}) {
return traverse(data).map(sanitize(options));
};