From 42488ab6c5362dcb5436327db45de38ae916741d Mon Sep 17 00:00:00 2001 From: KatoakDR <68095633+KatoakDR@users.noreply.github.com> Date: Mon, 22 Jan 2024 01:57:26 -0600 Subject: [PATCH] feat: redact 'accessToken' and 'apiKey' --- .../logger/__tests__/logger-format.test.ts | 4 ++-- .../logger/__tests__/logger-mask.test.ts | 22 +++++++++---------- electron/common/logger/logger.mask.ts | 6 ++++- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/electron/common/logger/__tests__/logger-format.test.ts b/electron/common/logger/__tests__/logger-format.test.ts index 4949960b..05eae8fb 100644 --- a/electron/common/logger/__tests__/logger-format.test.ts +++ b/electron/common/logger/__tests__/logger-format.test.ts @@ -96,14 +96,14 @@ describe('logger-format', () => { it('should mask sensitive values', () => { const data = { password: 'secret', - key: 'secret', + apiKey: 'secret', }; const result = formatLogData(data); expect(result).toEqual({ password: '***REDACTED***', - key: '***REDACTED***', + apiKey: '***REDACTED***', }); }); }); diff --git a/electron/common/logger/__tests__/logger-mask.test.ts b/electron/common/logger/__tests__/logger-mask.test.ts index 1d2c7395..73ad0bc7 100644 --- a/electron/common/logger/__tests__/logger-mask.test.ts +++ b/electron/common/logger/__tests__/logger-mask.test.ts @@ -3,32 +3,32 @@ import { isNotMaskable, maskSensitiveValues } from '../logger.mask'; describe('logger-mask', () => { describe('#maskSensitiveValues', () => { const data: Record = { - key: 'key1', + accessToken: 'accessToken1', password: 'password1', apiKey: 'apiKey1', credential: 'credential1', nested: { - key: 'key2', + accessToken: 'accessToken2', password: 'password2', apiKey: 'apiKey2', credential: 'credential2', }, }; - it('should mask password and key properties by default', () => { + it('should mask password, accessToken, and apiKey properties by default', () => { const result = maskSensitiveValues({ json: data, }); expect(result).toEqual({ - key: '***REDACTED***', + accessToken: '***REDACTED***', password: '***REDACTED***', - apiKey: 'apiKey1', + apiKey: '***REDACTED***', credential: 'credential1', nested: { - key: '***REDACTED***', + accessToken: '***REDACTED***', password: '***REDACTED***', - apiKey: 'apiKey2', + apiKey: '***REDACTED***', credential: 'credential2', }, }); @@ -41,12 +41,12 @@ describe('logger-mask', () => { }); expect(result).toEqual({ - key: 'key1', + accessToken: 'accessToken1', password: 'password1', apiKey: '***REDACTED***', credential: '***REDACTED***', nested: { - key: 'key2', + accessToken: 'accessToken2', password: 'password2', apiKey: '***REDACTED***', credential: '***REDACTED***', @@ -62,12 +62,12 @@ describe('logger-mask', () => { }); expect(result).toEqual({ - key: 'key1', + accessToken: 'accessToken1', password: 'password1', apiKey: '***MASKED***', credential: '***MASKED***', nested: { - key: 'key2', + accessToken: 'accessToken2', password: 'password2', apiKey: '***MASKED***', credential: '***MASKED***', diff --git a/electron/common/logger/logger.mask.ts b/electron/common/logger/logger.mask.ts index 744031cc..ac20ebd2 100644 --- a/electron/common/logger/logger.mask.ts +++ b/electron/common/logger/logger.mask.ts @@ -21,7 +21,11 @@ export function maskSensitiveValues(options: { */ mask?: string; }): any { - const { json, keys = ['password', 'key'], mask = '***REDACTED***' } = options; + const { + json, + keys = ['password', 'accessToken', 'apiKey'], + mask = '***REDACTED***', + } = options; if (isNotMaskable(json)) { return json;