@cyclonedx/cdxgen
Version:
Creates CycloneDX Software Bill of Materials (SBOM) from source or container image
47 lines (41 loc) • 1.23 kB
JavaScript
import { assert, describe, it } from "poku";
import {
sanitizeBomPropertyValue,
sanitizeBomUrl,
} from "./propertySanitizer.js";
describe("propertySanitizer", () => {
it("redacts additional token formats and sensitive nested keys", () => {
const sanitized = sanitizeBomPropertyValue("cdx:skill:metadata", {
apiKey: "sk-proj_secret_value_here",
nested: {
bearerToken: "bearer super-secret-token-value",
endpoint: "https://example.com/path?token=abc#frag",
},
});
assert.strictEqual(
sanitized,
JSON.stringify({
apiKey: "[redacted]",
nested: {
bearerToken: "[redacted]",
endpoint: "https://example.com/path",
},
}),
);
});
it("summarizes commands after stripping env wrappers and absolute paths", () => {
assert.strictEqual(
sanitizeBomPropertyValue(
"cdx:mcp:command",
"OPENAI_API_KEY=sk-test /usr/bin/env python /tmp/run.py",
),
"python",
);
});
it("sanitizes urls without keeping credentials or tokens", () => {
assert.strictEqual(
sanitizeBomUrl("https://example.com/path?token=abc#frag"),
"https://example.com/path",
);
});
});