@uniglot/wont-let-you-see 0.1.1 → 0.3.0

package/src/masker.ts

@@ -1,41 +1,7 @@
-import { AWS_PATTERNS, K8S_PATTERNS, COMMON_PATTERNS } from "./patterns";
+import { loadPatterns, type LoadedPattern } from "./patterns";
 import { addEntry, getOriginal } from "./mapping";
 import { getConfig, isPatternEnabled } from "./config";
 
-interface PatternConfig {
-  pattern: RegExp;
-  type: string;
-  isContextual?: boolean;
-}
-
-const PATTERN_ORDER: PatternConfig[] = [
-  { pattern: AWS_PATTERNS.eksCluster, type: "eks-cluster" },
-  { pattern: AWS_PATTERNS.arn, type: "arn" },
-  { pattern: AWS_PATTERNS.accountId, type: "account-id", isContextual: true },
-  { pattern: AWS_PATTERNS.accessKeyId, type: "access-key-id" },
-  { pattern: AWS_PATTERNS.vpc, type: "vpc" },
-  { pattern: AWS_PATTERNS.subnet, type: "subnet" },
-  { pattern: AWS_PATTERNS.securityGroup, type: "security-group" },
-  { pattern: AWS_PATTERNS.internetGateway, type: "internet-gateway" },
-  { pattern: AWS_PATTERNS.routeTable, type: "route-table" },
-  { pattern: AWS_PATTERNS.natGateway, type: "nat-gateway" },
-  { pattern: AWS_PATTERNS.networkAcl, type: "network-acl" },
-  { pattern: AWS_PATTERNS.eni, type: "eni" },
-  { pattern: AWS_PATTERNS.ami, type: "ami" },
-  { pattern: AWS_PATTERNS.ec2Instance, type: "ec2-instance" },
-  { pattern: AWS_PATTERNS.ebs, type: "ebs" },
-  { pattern: AWS_PATTERNS.snapshot, type: "snapshot" },
-
-  { pattern: K8S_PATTERNS.serviceAccountToken, type: "k8s-token" },
-  { pattern: K8S_PATTERNS.clusterEndpoint, type: "k8s-endpoint" },
-  { pattern: K8S_PATTERNS.kubeconfigServer, type: "k8s-endpoint" },
-  { pattern: K8S_PATTERNS.nodeNameAws, type: "k8s-node" },
-
-  { pattern: COMMON_PATTERNS.privateKey, type: "private-key" },
-  { pattern: COMMON_PATTERNS.apiKeyField, type: "api-key", isContextual: true },
-  { pattern: COMMON_PATTERNS.ipv4, type: "ipv4" },
-];
-
 function removeAnchors(source: string): string {
   let result = source.replace(/^\^/, "").replace(/\$$/, "");
   if (!result.endsWith("\\b")) {
@@ -44,34 +10,58 @@ function removeAnchors(source: string): string {
   return result;
 }
 
-export function mask(sessionId: string, text: string): string {
-  if (!text || typeof text !== "string") {
-    return text;
-  }
-
-  const config = getConfig();
-  if (!config.enabled) {
-    return text;
-  }
+const REGEX_PREFIX = "regex:";
 
+function applyCustomPatterns(
+  sessionId: string,
+  text: string,
+  customPatterns: string[],
+): string {
   let result = text;
 
-  for (const customPattern of config.customPatterns) {
-    if (result.includes(customPattern)) {
-      const token = addEntry(sessionId, "custom", customPattern);
-      result = result.split(customPattern).join(token);
+  for (const customPattern of customPatterns) {
+    if (customPattern.startsWith(REGEX_PREFIX)) {
+      const regexStr = customPattern.slice(REGEX_PREFIX.length);
+      const regex = new RegExp(removeAnchors(regexStr), "g");
+      const matches = new Set<string>();
+      let match;
+      while ((match = regex.exec(result)) !== null) {
+        matches.add(match[0]);
+      }
+      for (const value of matches) {
+        const token = addEntry(sessionId, "custom", value);
+        result = result.split(value).join(token);
+      }
+    } else {
+      const escaped = customPattern.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+      const literalRegex = new RegExp(escaped + "(?![\\w])", "g");
+      if (literalRegex.test(result)) {
+        const token = addEntry(sessionId, "custom", customPattern);
+        result = result.replace(literalRegex, token);
+      }
     }
   }
 
-  for (const { pattern, type, isContextual } of PATTERN_ORDER) {
-    if (!isPatternEnabled(type)) {
+  return result;
+}
+
+function applyLoadedPatterns(
+  sessionId: string,
+  text: string,
+  patterns: LoadedPattern[],
+): string {
+  let result = text;
+
+  for (const { name, pattern, isContextual } of patterns) {
+    if (!isPatternEnabled(name)) {
       continue;
     }
+
     if (isContextual) {
       result = result.replace(
         new RegExp(pattern.source, "g"),
         (match, capturedValue) => {
-          const token = addEntry(sessionId, type, capturedValue);
+          const token = addEntry(sessionId, name, capturedValue);
           return match.replace(capturedValue, token);
         },
       );
@@ -85,7 +75,7 @@ export function mask(sessionId: string, text: string): string {
       }
 
       for (const value of matches) {
-        const token = addEntry(sessionId, type, value);
+        const token = addEntry(sessionId, name, value);
         result = result.split(value).join(token);
       }
     }
@@ -94,6 +84,26 @@ export function mask(sessionId: string, text: string): string {
   return result;
 }
 
+export function mask(sessionId: string, text: string): string {
+  if (!text || typeof text !== "string") {
+    return text;
+  }
+
+  const config = getConfig();
+  if (!config.enabled) {
+    return text;
+  }
+
+  let result = text;
+
+  result = applyCustomPatterns(sessionId, result, config.customPatterns);
+
+  const patterns = loadPatterns();
+  result = applyLoadedPatterns(sessionId, result, patterns);
+
+  return result;
+}
+
 export function unmask(sessionId: string, text: string): string {
   if (!text || typeof text !== "string") {
     return text;

package/src/patterns.ts

@@ -1,45 +1,108 @@
-export const AWS_PATTERNS = {
-  arn: /^arn:(?:aws|aws-cn|aws-us-gov):[a-zA-Z0-9-]+:[a-z0-9-]*:(?:[0-9]{12})?:.+$/,
-  eksCluster:
-    /^arn:(?:aws|aws-cn|aws-us-gov):eks:[a-z0-9-]+:[0-9]{12}:cluster\/.+$/,
-  vpc: /^vpc-[0-9a-f]{8,17}$/,
-  subnet: /^subnet-[0-9a-f]{8,17}$/,
-  securityGroup: /^sg-[0-9a-f]{8,17}$/,
-  internetGateway: /^igw-[0-9a-f]{8,17}$/,
-  routeTable: /^rtb-[0-9a-f]{8,17}$/,
-  natGateway: /^nat-[0-9a-f]{8,17}$/,
-  networkAcl: /^acl-[0-9a-f]{8,17}$/,
-  ec2Instance: /^i-[0-9a-f]{8,17}$/,
-  ami: /^ami-[0-9a-f]{8,17}$/,
-  ebs: /^vol-[0-9a-f]{8,17}$/,
-  snapshot: /^snap-[0-9a-f]{8,17}$/,
-  eni: /^eni-[0-9a-f]{8,17}$/,
-  accountId: /"(?:OwnerId|AccountId|Owner|account_id)":\s*"(\d{12})"/,
-  accessKeyId:
-    /(?:^|[^A-Z0-9])(?:AKIA|ABIA|ACCA|ASIA)[A-Z0-9]{16}(?:[^A-Z0-9]|$)/,
-} as const;
-
-export const K8S_PATTERNS = {
-  serviceAccountToken: /^eyJ[A-Za-z0-9_-]*\.eyJ[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*$/,
-  nodeNameAws: /^ip-(?:\d{1,3}-){3}\d{1,3}\.[a-z0-9-]+\.compute\.internal$/,
-  clusterEndpoint: /^https:\/\/[A-Z0-9]+\.[a-z0-9-]+\.eks\.amazonaws\.com$/,
-  kubeconfigServer:
-    /^https:\/\/[0-9A-F]{32}\.[a-z]{2}-[a-z]+-\d\.eks\.amazonaws\.com$/i,
-} as const;
-
-export const COMMON_PATTERNS = {
-  ipv4: /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/,
-  // Private key blocks (entire key including body and footer)
-  privateKey:
-    /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/,
-  // Generic API keys/tokens (contextual - in JSON/YAML fields)
-  apiKeyField:
-    /"(?:api_key|apiKey|secret_key|secretKey|access_token|auth_token|password|token)":\s*"([^"]+)"/,
-} as const;
-
-// Combined for backward compatibility
-export const PATTERNS = {
-  ...AWS_PATTERNS,
-  ...K8S_PATTERNS,
-  ...COMMON_PATTERNS,
-} as const;
+import { readdirSync, readFileSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+
+/**
+ * Pattern definition in JSON files.
+ * Can be:
+ * - A regex string: "^vpc-[0-9a-f]{8,17}$"
+ * - An object with pattern and optional contextual flag: { "pattern": "...", "contextual": true }
+ * - An object with exact string match: { "exact": "literal-value" }
+ */
+export type PatternDefinition =
+  | string
+  | { pattern: string; contextual?: boolean }
+  | { exact: string };
+
+export interface PatternFile {
+  [patternName: string]: PatternDefinition;
+}
+
+export interface LoadedPattern {
+  name: string;
+  pattern: RegExp;
+  isContextual: boolean;
+  isExact: boolean;
+}
+
+let cachedPatterns: LoadedPattern[] | null = null;
+
+function getPackagePatternsDir(): string {
+  const currentFile = fileURLToPath(import.meta.url);
+  const srcDir = dirname(currentFile);
+  const packageRoot = dirname(srcDir);
+  return join(packageRoot, "patterns");
+}
+
+function parsePatternDefinition(
+  name: string,
+  definition: PatternDefinition,
+): LoadedPattern {
+  if (typeof definition === "string") {
+    return {
+      name,
+      pattern: new RegExp(definition),
+      isContextual: false,
+      isExact: false,
+    };
+  }
+
+  if ("exact" in definition) {
+    const escaped = definition.exact.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    return {
+      name,
+      pattern: new RegExp(escaped),
+      isContextual: false,
+      isExact: true,
+    };
+  }
+
+  return {
+    name,
+    pattern: new RegExp(definition.pattern),
+    isContextual: definition.contextual ?? false,
+    isExact: false,
+  };
+}
+
+function loadPatternFile(filePath: string): LoadedPattern[] {
+  const content = readFileSync(filePath, "utf-8");
+  const data: PatternFile = JSON.parse(content);
+  const patterns: LoadedPattern[] = [];
+
+  for (const [name, definition] of Object.entries(data)) {
+    patterns.push(parsePatternDefinition(name, definition));
+  }
+
+  return patterns;
+}
+
+export function loadPatterns(): LoadedPattern[] {
+  if (cachedPatterns) {
+    return cachedPatterns;
+  }
+
+  const patternsDir = getPackagePatternsDir();
+  const patterns: LoadedPattern[] = [];
+
+  const files = readdirSync(patternsDir)
+    .filter((f) => f.endsWith(".json"))
+    .sort();
+
+  for (const file of files) {
+    const filePath = join(patternsDir, file);
+    const filePatterns = loadPatternFile(filePath);
+    patterns.push(...filePatterns);
+  }
+
+  cachedPatterns = patterns;
+  return patterns;
+}
+
+export function resetPatternCache(): void {
+  cachedPatterns = null;
+}
+
+export function getPatternByName(name: string): LoadedPattern | undefined {
+  return loadPatterns().find((p) => p.name === name);
+}