npm - logshield-cli - Versions diffs - 0.2.9 → 0.3.0 - Mend

logshield-cli 0.2.9 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/cli/index.cjs +61 -24
package/package.json +1 -1

package/dist/cli/index.cjs CHANGED Viewed

@@ -108,9 +108,9 @@ var init_summary = __esm({
 function applyRules(input, rules, ctx, matches) {
   let output = input;
   for (const rule of rules) {
-    output = output.replace(rule.pattern, (...args2) => {
-      const match = args2[0];
-      const groups = args2.slice(1, -2);
+    output = output.replace(rule.pattern, (...args) => {
+      const match = args[0];
+      const groups = args.slice(1, -2);
       const replaced = rule.replace(match, ctx, groups);
       if (replaced !== match) {
         matches.push({
@@ -156,6 +156,16 @@ var init_tokens = __esm({
         pattern: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
         replace: () => "<REDACTED_JWT>"
       },
+      {
+        name: "OAUTH_ACCESS_TOKEN",
+        pattern: /\bya29\.[A-Za-z0-9._-]+\b/g,
+        replace: () => "<REDACTED_OAUTH_TOKEN>"
+      },
+      {
+        name: "OAUTH_REFRESH_TOKEN",
+        pattern: /\b1\/\/[A-Za-z0-9._-]+\b/g,
+        replace: () => "<REDACTED_OAUTH_REFRESH>"
+      },
       {
         name: "AUTH_BEARER",
         pattern: /\bBearer\s+[A-Za-z0-9._-]+\b/g,
@@ -179,12 +189,25 @@ var init_credentials = __esm({
       {
         name: "PASSWORD",
         pattern: /\bpassword=([^\s]+)/gi,
-        replace: (_match, _value, _ctx) => "password=<REDACTED_PASSWORD>"
+        replace: () => "password=<REDACTED_PASSWORD>"
+      },
+      // DB URL credential: postgres://user:pass@host
+      {
+        name: "DB_URL_CREDENTIAL",
+        pattern: /\b(postgres|mysql|mongodb):\/\/([^:\s]+):([^@\s]+)@/gi,
+        replace: (_match, _ctx, groups) => `${groups[0]}://${groups[1]}:<REDACTED_PASSWORD>@`
       },
+      // apiKey=...
       {
         name: "API_KEY",
         pattern: /\bapiKey=([A-Za-z0-9_\-]{16,})\b/g,
         replace: () => "<REDACTED_API_KEY>"
+      },
+      // x-api-key: ....
+      {
+        name: "API_KEY_HEADER",
+        pattern: /\bx-api-key:\s*[A-Za-z0-9_\-]{16,}\b/gi,
+        replace: () => "x-api-key: <REDACTED_API_KEY>"
       }
     ];
   }
@@ -201,10 +224,15 @@ var init_cloud = __esm({
         pattern: /\bAKIA[0-9A-Z]{16,20}\b/g,
         replace: (match, { strict }) => strict ? "<REDACTED_AWS_KEY>" : match
       },
+      {
+        name: "AWS_SECRET_KEY",
+        pattern: /\b[A-Za-z0-9\/+=]{40}\b/g,
+        replace: (match, { strict }) => strict ? "<REDACTED_AWS_SECRET>" : match
+      },
       {
         name: "STRIPE_SECRET_KEY",
         pattern: /\b(?:LS_STRIPE_(?:TEST|LIVE)_KEY_[A-Z0-9_]{10,}|sk_(?:test|live)_[A-Za-z0-9]{16,})\b/g,
-        replace: (match, ctx) => ctx.strict ? "<REDACTED_STRIPE_KEY>" : match
+        replace: (match, { strict }) => strict ? "<REDACTED_STRIPE_KEY>" : match
       }
     ];
   }
@@ -350,21 +378,12 @@ var { readInput: readInput2 } = (init_readInput(), __toCommonJS(readInput_export
 var { writeOutput: writeOutput2 } = (init_writeOutput(), __toCommonJS(writeOutput_exports));
 var { printSummary: printSummary2 } = (init_summary(), __toCommonJS(summary_exports));
 var { sanitizeLog: sanitizeLog2 } = (init_sanitizeLog(), __toCommonJS(sanitizeLog_exports));
-var args = process.argv.slice(2);
-function hasFlag(flag) {
-  return args.includes(flag);
-}
+var rawArgs = process.argv.slice(2);
 function getVersion() {
-  return true ? "0.2.9" : "unknown";
-}
-function getFileArg() {
-  const file = args[1];
-  if (!file || file.startsWith("--")) return void 0;
-  return file;
+  return true ? "0.3.0" : "unknown";
 }
-async function main() {
-  if (hasFlag("--help") || args.length === 0) {
-    process.stdout.write(`Usage: logshield scan [file]
+function printHelp() {
+  process.stdout.write(`Usage: logshield scan [file]
 Options:
   --strict     Aggressive redaction
@@ -373,21 +392,38 @@ Options:
   --version    Print version
   --help       Show help
 `);
+}
+function parseArgs(args) {
+  const flags = /* @__PURE__ */ new Set();
+  const positionals = [];
+  for (const arg of args) {
+    if (arg.startsWith("--")) {
+      flags.add(arg);
+    } else {
+      positionals.push(arg);
+    }
+  }
+  return { flags, positionals };
+}
+async function main() {
+  if (rawArgs.length === 0 || rawArgs.includes("--help")) {
+    printHelp();
     process.exit(0);
   }
-  if (hasFlag("--version")) {
+  if (rawArgs.includes("--version")) {
     console.log(`logshield v${getVersion()}`);
     process.exit(0);
   }
-  const command = args[0];
+  const { flags, positionals } = parseArgs(rawArgs);
+  const command = positionals[0];
   if (command !== "scan") {
     process.stderr.write("Unknown command\n");
     process.exit(1);
   }
-  const strict = hasFlag("--strict");
-  const json = hasFlag("--json");
-  const summary = hasFlag("--summary");
-  const file = getFileArg();
+  const file = positionals[1];
+  const strict = flags.has("--strict");
+  const json = flags.has("--json");
+  const summary = flags.has("--summary");
   try {
     const input = await readInput2(file);
     const result = sanitizeLog2(input, { strict });
@@ -395,6 +431,7 @@ Options:
     if (summary) {
       printSummary2(result.matches);
     }
+    process.exit(0);
   } catch (err) {
     process.stderr.write(err?.message || "Unexpected error");
     process.stderr.write("\n");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "logshield-cli",
-  "version": "0.2.9",
+  "version": "0.3.0",
   "type": "commonjs",
   "bin": {
     "logshield": "dist/cli/index.cjs"