codeceptjs
Supercharged End 2 End Testing Framework for NodeJS
# Secrets
It is possible to **mask out sensitive data** when passing it to steps. This is important when filling password fields or sending secure keys to an API endpoint. CodeceptJS provides two approaches for masking sensitive data:
## 1. Using the `secret()` Function
Wrap data in the `secret` function to mask sensitive values in output and logs.
For a basic string, just wrap the value in `secret`:
```js
I.fillField('password', secret('123456'))
```
When executed it will be printed like this:
```
I fill field "password" "*****"
```
**Other Examples**
```js
I.fillField('password', secret('123456'))
I.append('password', secret('123456'))
I.type('password', secret('123456'))
```
For an object, which can be a payload to POST request, specify which fields should be masked:
```js
I.sendPostRequest(
  '/login',
  secret(
    {
      name: 'davert',
      password: '123456',
    },
    'password',
  ),
)
```
The object created by `secret` is a Proxy to the object passed in. When printed, the password will be replaced with \*\*\*\*.
> ⚠️ Only direct properties of the object can be masked via `secret`
## 2. Global Sensitive Data Masking
CodeceptJS can automatically mask sensitive data in all output (logs, steps, debug messages, errors) using configurable patterns. This feature uses the `maskSensitiveData` configuration option.
### Basic Usage (Boolean)
Enable basic masking with predefined patterns:
```js
// codecept.conf.js
export const config = {
  // ... other config
  maskSensitiveData: true,
}
```
This will mask common sensitive data patterns like:
- Authorization headers
- API keys
- Passwords
- Tokens
- Client secrets
### Advanced Usage (Custom Patterns)
Define your own masking patterns:
```js
// codecept.conf.js
export const config = {
  // ... other config
  maskSensitiveData: {
    enabled: true,
    patterns: [
      {
        name: 'Email',
        // TLD class is [A-Za-z]; a "|" inside a character class is a literal pipe, not alternation
        regex: /(\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b)/gi,
        mask: '[MASKED_EMAIL]',
      },
      {
        name: 'Credit Card',
        // four groups of four digits, optionally separated by a dash or a space
        regex: /\b(?:\d{4}[- ]?){3}\d{4}\b/g,
        mask: '[MASKED_CARD]',
      },
      {
        name: 'Phone Number',
        // optional +1 prefix, then 3-3-4 digits with optional separators
        regex: /(\+?1[-.\s]?)?\(?([0-9]{3})\)?[-.\s]?([0-9]{3})[-.\s]?([0-9]{4})/g,
        mask: '[MASKED_PHONE]',
      },
      {
        name: 'SSN',
        regex: /\b\d{3}-\d{2}-\d{4}\b/g,
        mask: '[MASKED_SSN]',
      },
    ],
  },
}
```
### Pattern Configuration
Each custom pattern object should have:
- `name`: A descriptive name for the pattern
- `regex`: A JavaScript regular expression to match the sensitive data
- `mask`: The replacement string to show instead of the sensitive data
### Examples
With the above configuration:
**Input:**
```
User email: john.doe@company.com
Credit card: 4111 1111 1111 1111
Phone: +1-555-123-4567
```
**Output:**
```
User email: [MASKED_EMAIL]
Credit card: [MASKED_CARD]
Phone: [MASKED_PHONE]
```
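Custom patterns can be checked offline before they are trusted to protect logs. The following is an added example, not CodeceptJS code: it assumes patterns are applied in array order with `String.replace`, and the sample lines and the `applyMasks`, `leakedFragments` and `audit` helpers are constructed for illustration. It shows that the order used above masks every sample, while moving the phone pattern ahead of the card pattern leaves part of an unseparated card number readable.

```js
// Added example, not CodeceptJS source.
// Assumption: patterns run in array order, each via String.replace.
const patterns = [
  { name: 'Email', regex: /(\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b)/gi, mask: '[MASKED_EMAIL]' },
  { name: 'Credit Card', regex: /\b(?:\d{4}[- ]?){3}\d{4}\b/g, mask: '[MASKED_CARD]' },
  { name: 'Phone Number', regex: /(\+?1[-.\s]?)?\(?([0-9]{3})\)?[-.\s]?([0-9]{3})[-.\s]?([0-9]{4})/g, mask: '[MASKED_PHONE]' },
  { name: 'SSN', regex: /\b\d{3}-\d{2}-\d{4}\b/g, mask: '[MASKED_SSN]' },
]

// Constructed sample lines, each paired with the value that must not survive masking.
const samples = [
  { line: 'User email: john.doe@company.com', secret: 'john.doe@company.com' },
  { line: 'Credit card: 4111 1111 1111 1111', secret: '4111 1111 1111 1111' },
  { line: 'Card (no separators): 4111111111111111', secret: '4111111111111111' },
  { line: 'Phone: +1-555-123-4567', secret: '+1-555-123-4567' },
]

// Apply every pattern in turn to one line of output.
function applyMasks(text, list) {
  return list.reduce((out, p) => out.replace(p.regex, p.mask), text)
}

// A full-string comparison misses partial leaks, so look for any
// minLen-character slice of the secret that is still present after masking.
function leakedFragments(masked, secret, minLen = 4) {
  const found = new Set()
  for (let i = 0; i + minLen <= secret.length; i++) {
    const chunk = secret.slice(i, i + minLen)
    if (masked.includes(chunk)) found.add(chunk)
  }
  return [...found]
}

// Return only the samples whose secret is still partly readable.
function audit(sampleList, list) {
  return sampleList
    .map(({ line, secret }) => ({ secret, masked: applyMasks(line, list) }))
    .map(r => ({ ...r, leaked: leakedFragments(r.masked, r.secret) }))
    .filter(r => r.leaked.length > 0)
}

// Same patterns with the looser phone regex moved to the front.
const phoneFirst = [patterns[2], patterns[0], patterns[1], patterns[3]]
console.log('configured order:', audit(samples, patterns))
console.log('phone first     :', audit(samples, phoneFirst))
```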
### Where Masking Applies
Global sensitive data masking is applied to:
- Step descriptions and output
- Debug messages (`--debug` mode)
- Log messages (`--verbose` mode)
- Error messages
- Success messages
> ⚠️ Direct `console.log()` calls in helper functions are not masked. Use CodeceptJS output functions instead.
### Combining Both Approaches
You can use the `secret()` function and global masking together. The `secret()` function is applied first, then global patterns are applied to the remaining output.