@zapier/secret-scrubber 1.0.5 → 1.0.6
- package/CHANGELOG.md +15 -1
- package/lib/convenience.d.ts +6 -1
- package/lib/convenience.js +6 -1
- package/lib/index.js +5 -7
- package/lib/utils.js +1 -4
- package/package.json +1 -1
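--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,6 +1,20 @@
+## 1.0.6
+
+_released `2022-04-06`_
+
+- tweak `findSensitiveValues` to no longer return _any_ url with a querystring. It's always tried to extract secrets from a url, but now doesn't fall back to censoring the whole url.
+
+Calling `findSensitiveValues` with a structure containing urls:
+
+| input | before | after |
+| ---------------------------- | -------------------------------- | ---------- |
+| `zapier.com` | `[]` | `[]` |
+| `zapier.com?api_key=123456` | `[123456]` | `[123456]` |
+| `zapier.com?safe_key=123456` | `["zapier.com?safe_key=123456"]` | `[]` |
+
 ## 1.0.5
 
-
+_released `2021-10-25`_
 
 - Reduce `scrub` memory usage
 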
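--- a/package/lib/convenience.d.ts
+++ b/package/lib/convenience.d.ts
@@ -6,4 +6,9 @@ export declare const SENSITIVE_SUBSTRINGS: string[];
 */
 export declare const isUrlWithSecrets: (val: any) => boolean;
 export declare const isSensitiveKey: (key: string) => boolean;
-
+/**
+* Given a string:
+* * if it's a valid url, return a `string[]` of any extracted secrets. Only secret keys will be pulled from the querystring
+* * if it's not a valid url, return `null`
+*/
+export declare const extractSecretsFromUrl: (maybeUrlStr: string) => string[] | null;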
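--- a/package/lib/convenience.js
+++ b/package/lib/convenience.js
@@ -35,6 +35,11 @@ const isUrlWithSecrets = (val) => {
 exports.isUrlWithSecrets = isUrlWithSecrets;
 const isSensitiveKey = (key) => exports.SENSITIVE_SUBSTRINGS.some((substr) => key.toLowerCase().includes(substr));
 exports.isSensitiveKey = isSensitiveKey;
+/**
+* Given a string:
+* * if it's a valid url, return a `string[]` of any extracted secrets. Only secret keys will be pulled from the querystring
+* * if it's not a valid url, return `null`
+*/
 const extractSecretsFromUrl = (maybeUrlStr) => {
 try {
 const subValues = [];
@@ -56,7 +61,7 @@ const extractSecretsFromUrl = (maybeUrlStr) => {
 const err = e;
 if (err.code === 'ERR_INVALID_URL') {
 // not a url, ignore
-return
+return null;
 }
 // otherwise, actual error - throw!
 throw e;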
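Review bot: The new doc comment says "Only secret keys will be pulled from the querystring", which reads as if parameter names are returned, while the changelog table for this release shows the values coming back (`[123456]` for `api_key=123456`). Suggested wording for that line: `* * if it's a valid url, return a string[] of the values of querystring parameters whose key looks sensitive; the array is empty when none match`. The same comment is repeated in `lib/convenience.d.ts`. Stating the empty-array case matters because `findSensitiveValues` now treats `null` (pass the value through) and `[]` (drop the url) differently. The body of `extractSecretsFromUrl` between the two hunks is not shown.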
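--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -46,15 +46,13 @@ const findSensitiveValues = (obj) => {
 .reduce((result, value) => {
 // iterate the first pass and try to pull more specific info about of urls
 const urlSecrets = (0, convenience_1.extractSecretsFromUrl)(value);
-
-
-return [...result,
+if (urlSecrets == null) {
+// value wasn't a url, pass it through
+return [...result, value];
 }
-//
-return [...result,
+// return any secrets found (could be 0), but not the full url
+return [...result, ...urlSecrets];
 }, []);
-// iterate the first pass and try to pull out
-// return values.re
 };
 exports.findSensitiveValues = findSensitiveValues;
 var utils_2 = require("./utils");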
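Review bot: The reducer's final branch (`return [...result, ...urlSecrets];`) now drops a url completely when none of its querystring keys look sensitive. A secret carried under an unlisted parameter name, or outside the querystring altogether (userinfo, a path token), is then no longer censored by `findSensitiveValues` unless `extractSecretsFromUrl` covers it, which this hunk does not show. That is the stated intent of 1.0.6, but it moves url handling from over-censoring to under-censoring, and the comment on that branch should say so: `// urls are censored only through querystring keys that look sensitive; a secret under any other key must be supplied by the caller`. A regression test with a url whose only secret sits under a non-matching key would pin the new contract. `findSensitiveValues` begins above the hunk, and `lib/` appears to be compiled output, so the comment belongs in the TypeScript source.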
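--- a/package/lib/utils.js
+++ b/package/lib/utils.js
@@ -25,7 +25,7 @@ const censor = (val) => {
 // }
 const salted = val + ((_a = process.env.ZAPIER_SCRUBBER_SALT) !== null && _a !== void 0 ? _a : 'averysecretsalt');
 const hashed = (0, exports.hash)(salted);
-return `:censored:${val.length}:${hashed.
+return `:censored:${val.length}:${hashed.substring(0, 10)}:`;
 };
 exports.censor = censor;
 /**
@@ -120,9 +120,6 @@ const recurseExtract = (obj, matcher) => {
 }
 // value is simple-ish
 if (matcher(key, value)) {
-if (value == null) {
-return value; // gets filtered below
-}
 return value === null || value === void 0 ? void 0 : value.toString();
 }
 })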
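Review bot: The `salted` line above the changed `return` in `censor` falls back to the literal `'averysecretsalt'` when `ZAPIER_SCRUBBER_SALT` is unset, and that constant ships in the published package. With the default in effect, the `:censored:<length>:<10-char hash prefix>:` token gives the secret's exact length plus a value that guesses for short or low-entropy secrets can be checked against. The fallback is silent, so a comment on that line would make the requirement visible: `// default salt is public: set ZAPIER_SCRUBBER_SALT in production, otherwise censored hashes can be matched against guessed values`. Which algorithm `exports.hash` uses is not shown in this hunk, and `censor` starts above it.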