@transcommerce/cwm-shared 1.1.82 → 1.1.83
|
@@ -803,6 +803,51 @@ class Utilities {
|
|
|
803
803
|
return aKeys;
|
|
804
804
|
}
|
|
805
805
|
};
|
|
806
|
+
/** Scrubs sensitive information from logs, such as email addresses, JWTs, tokens, GUIDs, credit card numbers, SSNs, phone numbers, and common password/username patterns.
|
|
807
|
+
* This helps prevent accidental exposure of sensitive data in logs while still allowing useful information to be retained for debugging purposes.
|
|
808
|
+
*
|
|
809
|
+
* @param input The input string or object to be scrubbed for logging. If an object is provided, it will be stringified before scrubbing.
|
|
810
|
+
* @returns A scrubbed string with sensitive information redacted.
|
|
811
|
+
* @remarks The method uses regular expressions to identify and redact various types of sensitive information. It is designed to be robust and will return a placeholder if any errors occur during the scrubbing process.
|
|
812
|
+
* @example
|
|
813
|
+
* const userData = {
|
|
814
|
+
* email: 'user@example.com',
|
|
815
|
+
* password: 'supersecret'
|
|
816
|
+
* };
|
|
817
|
+
* const scrubbedData = Utilities.scrubForLog(userData);
|
|
818
|
+
* console.log(scrubbedData);
|
|
819
|
+
*/
|
|
820
|
+
static scrubForLog(input) {
|
|
821
|
+
try {
|
|
822
|
+
let s = typeof input === 'string' ? input : JSON.stringify(input, null, 2);
|
|
823
|
+
// redact email addresses
|
|
824
|
+
s = s.replace(/([a-zA-Z0-9._%+-]+)@([a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/g, '[REDACTED_EMAIL]');
|
|
825
|
+
// redact JWTs (three dot-separated base64url segments starting with eyJ)
|
|
826
|
+
s = s.replace(/eyJ[\w-]*\.[\w-]*\.[\w-]*/g, '[REDACTED_JWT]');
|
|
827
|
+
// redact long base64-like strings ( > 40 chars of base64url) - likely tokens
|
|
828
|
+
s = s.replace(/([A-Za-z0-9_\-]{40,})/g, '[REDACTED_TOKEN]');
|
|
829
|
+
// redact GUIDs
|
|
830
|
+
s = s.replace(/\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b/g, '[REDACTED_GUID]');
|
|
831
|
+
// redact credit card numbers (Visa, Mastercard, Amex, Discover)
|
|
832
|
+
s = s.replace(/\b(?:\d[ -]*?){13,19}\b/g, '[REDACTED_CC]');
|
|
833
|
+
// redact social security numbers
|
|
834
|
+
s = s.replace(/\b\d{3}-\d{2}-\d{4}\b/g, '[REDACTED_SSN]');
|
|
835
|
+
// redact phone numbers
|
|
836
|
+
s = s.replace(/\b(?:\+?1[-.\s]?)?\(?([0-9]{3})\)?[-.\s]?([0-9]{3})[-.\s]?([0-9]{4})\b/g, '[REDACTED_PHONE]');
|
|
837
|
+
// redact common password patterns (password, passwd, pwd fields with values)
|
|
838
|
+
s = s.replace(/(["\']?(?:password|passwd|pwd|secret|api[_-]?key)["\']?\s*[:=]\s*)["\']?[^\s"\']*["\']?/gi, '$1[REDACTED_PASSWORD]');
|
|
839
|
+
// redact common username patterns (username, user_name, user fields with values)
|
|
840
|
+
s = s.replace(/(["\']?(?:username|user_name|user|login)["\']?\s*[:=]\s*)["\']?[^\s"\']*["\']?/gi, '$1[REDACTED_USERNAME]');
|
|
841
|
+
// redact IP addresses
|
|
842
|
+
s = s.replace(/\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g, '[REDACTED_IP]');
|
|
843
|
+
// redact common ID patterns (userId, user_id, accountId, etc with values)
|
|
844
|
+
s = s.replace(/(["\']?(?:id|user_?id|account_?id|customer_?id|employee_?id)["\']?\s*[:=]\s*)["\']?[^\s"\']*["\']?/gi, '$1[REDACTED_ID]');
|
|
845
|
+
return s;
|
|
846
|
+
}
|
|
847
|
+
catch (ex) {
|
|
848
|
+
return '[UNABLE_TO_SCRUB]';
|
|
849
|
+
}
|
|
850
|
+
}
|
|
806
851
|
static getHttpResponseMessages(data) {
|
|
807
852
|
const responses = [];
|
|
808
853
|
if (data instanceof HttpResponseBase) {
|
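Review bot: The key/value redactions in scrubForLog (new lines 838, 840 and 844) end the value at the first whitespace or quote via `[^\s"\']*`, so a password such as `"my secret pass"`, or one containing an escaped `\"`, is only partly replaced and the remainder still reaches the log. Matching a whole quoted value first closes that gap: use `(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^\s,}]*)` in place of `["\']?[^\s"\']*["\']?` in the password rule, and the same value pattern fits the username and ID rules. For object input it would be more reliable still to redact by key before `JSON.stringify` rather than by regex on the serialized text. Separately, `id` and `user` have no leading `\b`, so keys like `valid:` or `paid=` are redacted too, which costs debugging value rather than safety. scrubForLog is complete within this hunk; the enclosing Utilities class starts and ends outside it.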