@redocly/respect-core/lib/modules/logger-output/mask-secrets.js

API testing framework core

export const POTENTIALLY_SECRET_FIELDS = [
    'token',
    'access_token',
    'id_token',
    'password',
    'client_secret',
];
export function maskSecrets(target, secretValues) {
    const maskValue = (value, secret) => {
        return value.replace(secret, '*'.repeat(8));
    };
    if (typeof target === 'string') {
        let maskedString = target;
        secretValues.forEach((secret) => {
            maskedString = maskedString.split(secret).join('*'.repeat(8));
        });
        return maskedString;
    }
    const masked = JSON.parse(JSON.stringify(target));
    const maskIfContainsSecret = (value) => {
        let maskedValue = value;
        for (const secret of secretValues) {
            if (maskedValue.includes(secret)) {
                maskedValue = maskValue(maskedValue, secret);
            }
        }
        return maskedValue;
    };
    const maskRecursive = (current) => {
        for (const key in current) {
            if (typeof current[key] === 'string') {
                current[key] = maskIfContainsSecret(current[key]);
            }
            else if (typeof current[key] === 'object' && current[key] !== null) {
                maskRecursive(current[key]);
            }
        }
    };
    maskRecursive(masked);
    return masked;
}
export function containsSecret(value, secretValues) {
    return Array.from(secretValues).some((secret) => value.includes(secret));
}
export function findPotentiallySecretObjectFields(obj, tokenKeys = POTENTIALLY_SECRET_FIELDS) {
    const foundTokens = [];
    if (!obj || typeof obj !== 'object') {
        return foundTokens;
    }
    const searchInObject = (currentObj) => {
        if (!currentObj || typeof currentObj !== 'object') {
            return;
        }
        if (Array.isArray(currentObj)) {
            for (const item of currentObj) {
                searchInObject(item);
            }
            return;
        }
        for (const key in currentObj) {
            const value = currentObj[key];
            // Check if the key matches any of the token keys (case-insensitive)
            if (tokenKeys.some((tokenKey) => tokenKey.toLowerCase() === key.toLowerCase())) {
                if (typeof value === 'string' && value.trim()) {
                    foundTokens.push(value);
                }
            }
            if (value && typeof value === 'object') {
                searchInObject(value);
            }
        }
    };
    searchInObject(obj);
    return foundTokens;
}
//# sourceMappingURL=mask-secrets.js.map