UNPKG

@cyclonedx/cdxgen

Version:

Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

47 lines (41 loc) 1.23 kB
import { assert, describe, it } from "poku"; import { sanitizeBomPropertyValue, sanitizeBomUrl, } from "./propertySanitizer.js"; describe("propertySanitizer", () => { it("redacts additional token formats and sensitive nested keys", () => { const sanitized = sanitizeBomPropertyValue("cdx:skill:metadata", { apiKey: "sk-proj_secret_value_here", nested: { bearerToken: "bearer super-secret-token-value", endpoint: "https://example.com/path?token=abc#frag", }, }); assert.strictEqual( sanitized, JSON.stringify({ apiKey: "[redacted]", nested: { bearerToken: "[redacted]", endpoint: "https://example.com/path", }, }), ); }); it("summarizes commands after stripping env wrappers and absolute paths", () => { assert.strictEqual( sanitizeBomPropertyValue( "cdx:mcp:command", "OPENAI_API_KEY=sk-test /usr/bin/env python /tmp/run.py", ), "python", ); }); it("sanitizes urls without keeping credentials or tokens", () => { assert.strictEqual( sanitizeBomUrl("https://example.com/path?token=abc#frag"), "https://example.com/path", ); }); });