@itentialopensource/adapter-utils 4.49.0 → 5.0.0

package/lib/connectorRest.js

@@ -4,7 +4,9 @@
 /* global adapters brokers g_redis log */
 /* eslint class-methods-use-this:warn */
 /* eslint consistent-return:warn */
+/* eslint no-promise-executor-return:warn */
 /* eslint import/no-dynamic-require:warn */
+/* eslint camelcase:warn */
 /* eslint no-underscore-dangle: [2, { "allow": ["_id"] }] */
 /* eslint no-unused-vars:warn */
 /* eslint no-use-before-define:warn */
@@ -368,10 +370,17 @@ function returnStub(request, entitySchema, callProperties) {
   const reqBody = request.body;
   const reqPath = request.header.path;
 
-  // these logs are very useful when debugging - however there is the potential for credentials to be exposed.
+  // these logs are very useful when debugging - however had to change so we do not log credentials
   if (authLogging) {
-    log.debug(`FULL STUB REQUEST: ${JSON.stringify(request.header)}`);
-    log.debug(`FULL STUB BODY: ${request.body}`);
+    // Can only mask values if header is an object - so can not log anything else
+    if (request.header) {
+      log.debug(`FULL STUB REQUEST: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.header))}`);
+    }
+
+    // Can only mask values if body is an object - so can not log anything else
+    if (request.body) {
+      log.debug(`FULL STUB BODY: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.body))}`);
+    }
   }
 
   const callResp = {
@@ -744,8 +753,8 @@ function makeRequest(request, entitySchema, callProperties, startTrip, attempt,
 
     // these logs are very useful when debugging - however there is the potential for credentials to be exposed.
     if (authLogging) {
-      log.debug(`FULL REQUEST: ${JSON.stringify(request.header)}`);
-      log.debug(`FULL BODY: ${request.body}`);
+      log.debug(`FULL REQUEST: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.header))}`);
+      log.debug(`FULL BODY: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(request.body))}`);
     }
 
     // make the call to System
@@ -867,7 +876,7 @@ function makeRequest(request, entitySchema, callProperties, startTrip, attempt,
           healthy = true;
           doneH2(true);
         }, (retH2) => {
-          log.debug(`${origin}: CALL RETURN ${JSON.stringify(callResp)}`);
+          log.debug(`${origin}: CALL RETURN ${JSON.stringify(propUtilInst.scrubSensitiveInfo(callResp))}`);
           useProt = undefined;
           callResp.reqHdr = request.header.headers;
           return callback(callResp);
@@ -1203,7 +1212,7 @@ async function getToken(reqPath, options, tokenSchema, bodyString, callPropertie
         return resolve({ token: 'faketoken', tokenp2: 'faketoken' });
       }
 
-      log.debug(`${origin}: OPTIONS: ${JSON.stringify(options)}`);
+      log.debug(`${origin}: OPTIONS: ${JSON.stringify(propUtilInst.scrubSensitiveInfo(options))}`);
 
       // request the token
       return makeRequest(request, tokenSchema, callProperties, null, 0, (result, merror) => {
@@ -1728,10 +1737,16 @@ async function buildTokenRequest(reqPath, reqBody, callProperties, callback) {
             tokenSchema.sso.protocol = sso.protocol;
           }
         }
-        if (tokenSchema && tokenSchema.sso && tokenSchema.sso.host) {
+        if (tokenSchema && tokenSchema.sso && tokenSchema.sso.host && (sso == null || sso.host === '') && entity === 'getToken') {
+          options.hostname = tokenSchema.sso.host;
+        }
+        if (tokenSchema && tokenSchema.sso && tokenSchema.sso.port && (sso == null || sso.port === '') && entity === 'getToken') {
+          options.port = tokenSchema.sso.port;
+        }
+        if (tokenSchema && tokenSchema.sso && tokenSchema.sso.host && entity !== 'getToken') {
           options.hostname = tokenSchema.sso.host;
         }
-        if (tokenSchema && tokenSchema.sso && tokenSchema.sso.port) {
+        if (tokenSchema && tokenSchema.sso && tokenSchema.sso.port && entity !== 'getToken') {
           options.port = tokenSchema.sso.port;
         }
 
@@ -4403,10 +4418,10 @@ class ConnectorRest {
         log.info(`${origin}: Connector SSL connections enabled`);
       }
 
-      log.debug(`${origin}: HEALTHCHECK OPTIONS: ${JSON.stringify(options)}`);
+      log.debug(`${origin}: HEALTHCHECK OPTIONS: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(options))}`);
 
       if (payload !== undefined && payload !== null && payload !== '') {
-        log.debug(`${origin}: REQUEST: ${payload}`);
+        log.debug(`${origin}: REQUEST: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(payload))}`);
 
         // save it in memory
         cacheHPay = payload;
@@ -4598,10 +4613,10 @@ class ConnectorRest {
         log.info(`${origin}: Connector SSL connections enabled`);
       }
 
-      log.debug(`${origin}: OPTIONS: ${JSON.stringify(options)}`);
+      log.debug(`${origin}: OPTIONS: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(options))}`);
 
       if (incoming.body !== undefined && incoming.body !== null && incoming.body !== '') {
-        log.debug(`${origin}:REQUEST: ${incoming.body}`);
+        log.debug(`${origin}:REQUEST: ${JSON.stringify(this.propUtil.scrubSensitiveInfo(incoming.body))}`);
       }
 
       const request = {

package/lib/dbUtil.js

@@ -595,7 +595,6 @@ class DBUtil {
    */
   determineStorage(dbInfo, callback) {
     const origin = `${this.myid}-dbUtil-determineStorage`;
-
     if (dbInfo) {
       // priority 1 - use the dbInfo passed in
       if (dbInfo.dburl && dbInfo.database) {
@@ -1208,7 +1207,6 @@ class DBUtil {
   find(collectionName, options, dbInfo, fsWrite, callback) {
     const origin = `${this.myid}-dbUtil-find`;
     log.trace(origin);
-
     try {
       // verify the required data has been provided
       if (!collectionName) {
@@ -1272,7 +1270,6 @@ class DBUtil {
           log.debug(`${origin}: Data retrieved from file storage`);
           return callback(null, toReturn);
         }
-
         // if using MongoDB storage
         if (storage === Storage.DBINFO || storage === Storage.ADAPTERDB) {
           // Find the data in the database

package/lib/genericHandler.js

@@ -0,0 +1,280 @@
+/* @copyright Itential, LLC 2023 */
+
+// Set globals
+/* global log */
+
+/* NodeJS internal utilities */
+
+class GenericHandler {
+  /**
+   * Adapter Generic Handler
+   * @constructor
+   */
+  constructor(prongId, properties, reqH) {
+    this.myid = prongId;
+    this.allProps = properties;
+    this.requestHandlerInst = reqH;
+
+    // set up the properties I care about
+    this.refreshProperties(properties);
+  }
+
+  /**
+   * refreshProperties is used to set up all of the properties for the broker handler.
+   * It allows properties to be changed later by simply calling refreshProperties rather
+   * than having to restart the broker handler.
+   *
+   * @function refreshProperties
+   * @param {Object} properties - an object containing all of the properties
+   */
+  refreshProperties(properties) {
+    const origin = `${this.myid}-genericHandler-refreshProperties`;
+    log.trace(origin);
+
+    if (!properties) {
+      log.error(`${origin}: Generic Handler received no properties!`);
+    }
+  }
+
+  /**
+   * Makes the requested generic call
+   *
+   * @function expandedGenericAdapterRequest
+   * @param {Object} metadata - metadata for the call (optional).
+   *                 Can be a stringified Object.
+   * @param {String} uriPath - the path of the api call - do not include the host, port, base path or version (optional)
+   * @param {String} restMethod - the rest method (GET, POST, PUT, PATCH, DELETE) (optional)
+   * @param {Object} pathVars - the parameters to be put within the url path (optional).
+   *                 Can be a stringified Object.
+   * @param {Object} queryData - the parameters to be put on the url (optional).
+   *                 Can be a stringified Object.
+   * @param {Object} requestBody - the body to add to the request (optional).
+   *                 Can be a stringified Object.
+   * @param {Object} addlHeaders - additional headers to be put on the call (optional).
+   *                 Can be a stringified Object.
+   * @param {getCallback} callback - a callback function to return the result (Generics)
+   *                 or the error
+   */
+  expandedGenericAdapterRequest(metadata, uriPath, restMethod, pathVars, queryData, requestBody, addlHeaders, callback) {
+    const meth = 'genericHandler-expandedGenericAdapterRequest';
+    const origin = `${this.myid}-${meth}`;
+    log.trace(origin);
+
+    // if metadata says not to use BasePath
+    if (metadata && metadata.basepath && metadata.basepath.toUpperCase() === 'NOBASE') {
+      this.genericAdapterRequestNoBasePath(uriPath, restMethod, queryData, requestBody, addlHeaders, callback);
+    }
+    // use BasePath
+    this.genericAdapterRequest(uriPath, restMethod, queryData, requestBody, addlHeaders, callback);
+  }
+
+  /**
+   * Makes the requested generic call
+   *
+   * @function genericAdapterRequest
+   * @param {String} uriPath - the path of the api call - do not include the host, port, base path or version (required)
+   * @param {String} restMethod - the rest method (GET, POST, PUT, PATCH, DELETE) (required)
+   * @param {Object} queryData - the parameters to be put on the url (optional).
+   *                 Can be a stringified Object.
+   * @param {Object} requestBody - the body to add to the request (optional).
+   *                 Can be a stringified Object.
+   * @param {Object} addlHeaders - additional headers to be put on the call (optional).
+   *                 Can be a stringified Object.
+   * @param {getCallback} callback - a callback function to return the result (Generics)
+   *                 or the error
+   */
+  genericAdapterRequest(uriPath, restMethod, queryData, requestBody, addlHeaders, callback) {
+    const meth = 'genericHandler-genericAdapterRequest';
+    const origin = `${this.myid}-${meth}`;
+    log.trace(origin);
+
+    /* HERE IS WHERE YOU VALIDATE DATA */
+    if (uriPath === undefined || uriPath === null || uriPath === '') {
+      const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Missing Data', ['uriPath'], null, null, null);
+      log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+      return callback(null, errorObj);
+    }
+    if (restMethod === undefined || restMethod === null || restMethod === '') {
+      const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Missing Data', ['restMethod'], null, null, null);
+      log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+      return callback(null, errorObj);
+    }
+
+    /* HERE IS WHERE YOU SET THE DATA TO PASS INTO REQUEST */
+    // remove any leading / and split the uripath into path variables
+    let myPath = uriPath;
+    while (myPath.indexOf('/') === 0) {
+      myPath = myPath.substring(1);
+    }
+    const pathVars = myPath.split('/');
+    const queryParamsAvailable = queryData;
+    const queryParams = {};
+    const bodyVars = requestBody;
+
+    // loop in template. long callback arg name to avoid identifier conflicts
+    Object.keys(queryParamsAvailable).forEach((thisKeyInQueryParamsAvailable) => {
+      if (queryParamsAvailable[thisKeyInQueryParamsAvailable] !== undefined && queryParamsAvailable[thisKeyInQueryParamsAvailable] !== null
+          && queryParamsAvailable[thisKeyInQueryParamsAvailable] !== '') {
+        queryParams[thisKeyInQueryParamsAvailable] = queryParamsAvailable[thisKeyInQueryParamsAvailable];
+      }
+    });
+
+    // set up the request object - payload, uriPathVars, uriQuery, uriOptions, addlHeaders
+    const reqObj = {
+      payload: bodyVars,
+      uriPathVars: pathVars,
+      uriQuery: queryParams,
+      uriOptions: {}
+    };
+    // add headers if provided
+    if (addlHeaders) {
+      reqObj.addlHeaders = addlHeaders;
+    }
+
+    // determine the call and return flag
+    let action = 'getGenerics';
+    let returnF = true;
+    if (restMethod.toUpperCase() === 'POST') {
+      action = 'createGeneric';
+    } else if (restMethod.toUpperCase() === 'PUT') {
+      action = 'updateGeneric';
+    } else if (restMethod.toUpperCase() === 'PATCH') {
+      action = 'patchGeneric';
+    } else if (restMethod.toUpperCase() === 'DELETE') {
+      action = 'deleteGeneric';
+      returnF = false;
+    }
+
+    try {
+      // Make the call -
+      // identifyRequest(entity, action, requestObj, returnDataFlag, callback)
+      return this.requestHandlerInst.identifyRequest('.generic', action, reqObj, returnF, (irReturnData, irReturnError) => {
+        // if we received an error or their is no response on the results
+        // return an error
+        if (irReturnError) {
+          /* HERE IS WHERE YOU CAN ALTER THE ERROR MESSAGE */
+          return callback(null, irReturnError);
+        }
+        if (!Object.hasOwnProperty.call(irReturnData, 'response')) {
+          const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Invalid Response', ['genericAdapterRequest'], null, null, null);
+          log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+          return callback(null, errorObj);
+        }
+
+        /* HERE IS WHERE YOU CAN ALTER THE RETURN DATA */
+        // return the response
+        return callback(irReturnData, null);
+      });
+    } catch (ex) {
+      const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Caught Exception', null, null, null, ex);
+      log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+      return callback(null, errorObj);
+    }
+  }
+
+  /**
+   * Makes the requested generic call with no base path or version
+   *
+   * @function genericAdapterRequestNoBasePath
+   * @param {String} uriPath - the path of the api call - do not include the host, port, base path or version (required)
+   * @param {String} restMethod - the rest method (GET, POST, PUT, PATCH, DELETE) (required)
+   * @param {Object} queryData - the parameters to be put on the url (optional).
+   *                 Can be a stringified Object.
+   * @param {Object} requestBody - the body to add to the request (optional).
+   *                 Can be a stringified Object.
+   * @param {Object} addlHeaders - additional headers to be put on the call (optional).
+   *                 Can be a stringified Object.
+   * @param {getCallback} callback - a callback function to return the result (Generics)
+   *                 or the error
+   */
+  genericAdapterRequestNoBasePath(uriPath, restMethod, queryData, requestBody, addlHeaders, callback) {
+    const meth = 'genericHandler-genericAdapterRequestNoBasePath';
+    const origin = `${this.myid}-${meth}`;
+    log.trace(origin);
+
+    /* HERE IS WHERE YOU VALIDATE DATA */
+    if (uriPath === undefined || uriPath === null || uriPath === '') {
+      const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Missing Data', ['uriPath'], null, null, null);
+      log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+      return callback(null, errorObj);
+    }
+    if (restMethod === undefined || restMethod === null || restMethod === '') {
+      const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Missing Data', ['restMethod'], null, null, null);
+      log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+      return callback(null, errorObj);
+    }
+
+    /* HERE IS WHERE YOU SET THE DATA TO PASS INTO REQUEST */
+    // remove any leading / and split the uripath into path variables
+    let myPath = uriPath;
+    while (myPath.indexOf('/') === 0) {
+      myPath = myPath.substring(1);
+    }
+    const pathVars = myPath.split('/');
+    const queryParamsAvailable = queryData;
+    const queryParams = {};
+    const bodyVars = requestBody;
+
+    // loop in template. long callback arg name to avoid identifier conflicts
+    Object.keys(queryParamsAvailable).forEach((thisKeyInQueryParamsAvailable) => {
+      if (queryParamsAvailable[thisKeyInQueryParamsAvailable] !== undefined && queryParamsAvailable[thisKeyInQueryParamsAvailable] !== null
+          && queryParamsAvailable[thisKeyInQueryParamsAvailable] !== '') {
+        queryParams[thisKeyInQueryParamsAvailable] = queryParamsAvailable[thisKeyInQueryParamsAvailable];
+      }
+    });
+
+    // set up the request object - payload, uriPathVars, uriQuery, uriOptions, addlHeaders
+    const reqObj = {
+      payload: bodyVars,
+      uriPathVars: pathVars,
+      uriQuery: queryParams,
+      uriOptions: {}
+    };
+    // add headers if provided
+    if (addlHeaders) {
+      reqObj.addlHeaders = addlHeaders;
+    }
+
+    // determine the call and return flag
+    let action = 'getGenericsNoBase';
+    let returnF = true;
+    if (restMethod.toUpperCase() === 'POST') {
+      action = 'createGenericNoBase';
+    } else if (restMethod.toUpperCase() === 'PUT') {
+      action = 'updateGenericNoBase';
+    } else if (restMethod.toUpperCase() === 'PATCH') {
+      action = 'patchGenericNoBase';
+    } else if (restMethod.toUpperCase() === 'DELETE') {
+      action = 'deleteGenericNoBase';
+      returnF = false;
+    }
+
+    try {
+      // Make the call -
+      // identifyRequest(entity, action, requestObj, returnDataFlag, callback)
+      return this.requestHandlerInst.identifyRequest('.generic', action, reqObj, returnF, (irReturnData, irReturnError) => {
+        // if we received an error or their is no response on the results
+        // return an error
+        if (irReturnError) {
+          /* HERE IS WHERE YOU CAN ALTER THE ERROR MESSAGE */
+          return callback(null, irReturnError);
+        }
+        if (!Object.hasOwnProperty.call(irReturnData, 'response')) {
+          const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Invalid Response', ['genericAdapterRequestNoBasePath'], null, null, null);
+          log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+          return callback(null, errorObj);
+        }
+
+        /* HERE IS WHERE YOU CAN ALTER THE RETURN DATA */
+        // return the response
+        return callback(irReturnData, null);
+      });
+    } catch (ex) {
+      const errorObj = this.requestHandlerInst.formatErrorObject(this.myid, meth, 'Caught Exception', null, null, null, ex);
+      log.error(`${origin}: ${errorObj.IAPerror.displayString}`);
+      return callback(null, errorObj);
+    }
+  }
+}
+
+module.exports = GenericHandler;

package/lib/propertyUtil.js

@@ -363,10 +363,16 @@ class AdapterPropertyUtil {
               if (entitySchema.responseDatatype && entitySchema.responseDatatype.toUpperCase() === 'PLAIN') {
                 // read the mock date from the file system
                 mockResponse.response = fs.readFileSync(mockFileName, 'utf-8');
+                if (!mockResponse.response) {
+                  mockResponse.response = 'mock file empty!';
+                }
               } else if (entitySchema.responseDatatype && (entitySchema.responseDatatype.toUpperCase() === 'XML'
                   || entitySchema.responseDatatype.toUpperCase() === 'XML2JSON')) {
                 // read the mock date from the file system
                 mockResponse.response = fs.readFileSync(mockFileName, 'utf-8');
+                if (!mockResponse.response) {
+                  mockResponse.response = '<mock>file empty!</mock>';
+                }
               } else {
                 // read the mock date from the file system
                 try {
@@ -374,7 +380,7 @@ class AdapterPropertyUtil {
                   mockResponse.response = JSON.parse(fs.readFileSync(mockFileName, 'utf-8'));
                 } catch (excep) {
                   log.warn(`${origin}: Could not parse file - ${mockFileName}`);
-                  mockResponse.response = '';
+                  mockResponse.response = { mock: 'file empty or parse error!' };
                 }
               }
             } else {
@@ -435,7 +441,6 @@ class AdapterPropertyUtil {
       origin,
       isError: true
     };
-
     try {
       // verify required data
       if (!entityName || typeof entityName !== 'string') {
@@ -854,7 +859,6 @@ class AdapterPropertyUtil {
   getEntitySchema(entityName, actionName, choosepath, dbUtils, callback) {
     const origin = `${this.myid}-propertyUtil-getEntitySchema`;
     log.trace(origin);
-
     // need to try to get the entity schema from the adapter database
     try {
       // call to get the adapter schema from the database
@@ -948,6 +952,133 @@ class AdapterPropertyUtil {
     return defaults;
   }
 
+  /**
+   * @summary Takes in an item that may have sensitive data and scrubs it before
+   * it would get logged.
+   *
+   * @function scrubSensitiveInfo
+   * @param {String/Object} inData - the data to scrub
+   * @param {Array} addItems - additional items to scrub
+   *
+   * @return {Object} the object with default values from the property schema
+   */
+  scrubSensitiveInfo(inData, addItems) {
+    const origin = `${this.myid}-propertyUtil-scrubSensitiveInfo`;
+    log.trace(origin);
+
+    // no reason to scan numbers, booleans or functions
+    if (!inData || typeof inData === 'number' || typeof inData === 'boolean' || typeof inData === 'function') {
+      return inData;
+    }
+
+    // This is the array of sensitive keys
+    let sensList = ['authorization', 'x-auth-token', 'x-csrf-token', 'x-amz-security-token', 'x-aws-ec2-metadata-token', 'cookie', 'set-cookie', 'token', 'tokenp2', 'user', 'username', 'passwd', 'password', 'api-key', 'client-id', 'client-secret', 'session', 'session-id'];
+
+    // add any additional items to scrub
+    if (addItems && Array.isArray(addItems) && addItems.length > 0) {
+      sensList = sensList.concat(addItems);
+    }
+
+    // going to use copy of data so we do not mess up input - if object will still need to assign it
+    let actualData = inData;
+
+    // if we are scrubbing an array
+    if (Array.isArray(actualData)) {
+      // need to go through each item in the array
+      for (let i = 0; i < actualData.length; i += 1) {
+        actualData[i] = this.scrubSensitiveInfo(actualData[i]);
+      }
+
+      // return the scrubbed array
+      return actualData;
+    }
+
+    // if we are scrubbbing a string (e.g. URL)
+    if (typeof actualData === 'string') {
+      // if it is a Stringified JSON
+      try {
+        // need to see if it is stringified JSON
+        actualData = JSON.parse(inData);
+        // if this was able to be parsed, we should handle it as an object
+      } catch (ex) {
+        // if not JSON, can only scrub the query (e.g. after ?)
+        actualData = inData;
+        const dataParts = actualData.split('?');
+
+        // if there is no query data - we are done
+        if (dataParts.length === 0) {
+          return actualData;
+        }
+
+        // start what we return
+        let retData = `${dataParts[0]}?`;
+        let count = 0;
+
+        // query format - key=value& or key=value{end of url}
+        const queryData = dataParts[1].split('&');
+
+        // analyze the query fields
+        for (let i = 0; i < queryData.length; i += 1) {
+          // key of the query field
+          const key = queryData[i].split('=');
+          let found = false;
+
+          // add any & to separate query params
+          if (count > 0) {
+            retData += '&';
+          }
+
+          // go through sensitive word list - maybe can use find in
+          for (let j = 0; j < sensList.length; j += 1) {
+            if (key.toUpperCase() === sensList[j].toUpperCase()) {
+              // if sensitive, mask
+              retData += `${key}=** masked **`;
+              found = true;
+              count += 1;
+              break;
+            }
+          }
+
+          // if not sensitive - just append back on url
+          if (!found) {
+            retData += queryData[i];
+          }
+        }
+
+        // return the scrubbed string
+        return retData;
+      }
+    }
+
+    // if we are scrubbing an object (or string that has been parsed)
+    if (typeof actualData === 'object') {
+      const retData = { ...actualData };
+
+      // go through each item in the object
+      Object.keys(retData).forEach((key) => {
+        // go deep through an object with recursive call
+        if (typeof retData[key] === 'object') {
+          retData[key] = this.scrubSensitiveInfo(retData[key]);
+        } else {
+          // go through sensitive word list - maybe can use find in
+          for (let j = 0; j < sensList.length; j += 1) {
+            if (key.toUpperCase() === sensList[j].toUpperCase()) {
+              // if sensitive, mask
+              retData[key] = '=** masked **';
+              break;
+            }
+          }
+        }
+      });
+
+      // return the scrubbed object
+      return retData;
+    }
+
+    // if something we do not handle yet - just return the data
+    return actualData;
+  }
+
   /**
    * @summary Takes in properties and the secondary properties and merges them so the returned
    * object has secondary properties where no primary property values were provided.