
fortify2-js


MOST POWERFUL JavaScript Security Library! Military-grade cryptography + 19 enhanced object methods + quantum-resistant algorithms + perfect TypeScript support. More powerful than Lodash with built-in security.

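'use strict';

/**
 * Robust Error Handling Utilities for FortifyJS
 * Enhanced error handling with security considerations
 */

/** Category of a security error. Each member's value is its own name. */
exports.ErrorType = void 0;
(function (ErrorType) {
    ErrorType["VALIDATION"] = "VALIDATION";
    ErrorType["CRYPTOGRAPHIC"] = "CRYPTOGRAPHIC";
    ErrorType["AUTHENTICATION"] = "AUTHENTICATION";
    ErrorType["AUTHORIZATION"] = "AUTHORIZATION";
    ErrorType["NETWORK"] = "NETWORK";
    ErrorType["CONFIGURATION"] = "CONFIGURATION";
    ErrorType["RATE_LIMIT"] = "RATE_LIMIT";
    ErrorType["INTERNAL"] = "INTERNAL";
    ErrorType["SCALING"] = "SCALING";
})(exports.ErrorType || (exports.ErrorType = {}));

/** Severity of a security error; selects the console level used by the logger. */
exports.ErrorSeverity = void 0;
(function (ErrorSeverity) {
    ErrorSeverity["LOW"] = "LOW";
    ErrorSeverity["MEDIUM"] = "MEDIUM";
    ErrorSeverity["HIGH"] = "HIGH";
    ErrorSeverity["CRITICAL"] = "CRITICAL";
})(exports.ErrorSeverity || (exports.ErrorSeverity = {}));

/**
 * Redaction patterns, applied in this order.
 *
 * Order matters: long opaque strings are redacted first, because replacing a
 * keyword or digit run inside such a string first would split it into
 * fragments shorter than the 20-character threshold, which would then survive.
 * Quantifiers are bounded so a long message cannot cause quadratic matching.
 */
const SENSITIVE_PATTERNS = [
    // Base64 / base64url-like strings, including trailing padding
    /[A-Za-z0-9+/_-]{20,}={0,2}/g,
    // "label = value" / "label: value" pairs: redact the value together with
    // the label, otherwise "password=hunter2" would become "[REDACTED]=hunter2"
    /(?:password|key|token|secret|private)[\w-]{0,32}\s{0,8}[:=]\s{0,8}(?:"[^"]*"|'[^']*'|[^\s,;]+)/gi,
    /password/gi,
    /key/gi,
    /token/gi,
    /secret/gi,
    /private/gi,
    // Numbers that might be keys/tokens
    /\b\d{4,}\b/g,
];

/**
 * Render a timestamp for a log entry without throwing.
 *
 * @param {*} value - A Date, or anything the Date constructor accepts.
 * @returns {string} ISO-8601 string; the current time when `value` is missing
 *   or cannot be parsed.
 */
function toIsoTimestamp(value) {
    const date = value instanceof Date
        ? value
        : new Date(value == null ? Date.now() : value);
    return Number.isNaN(date.getTime())
        ? new Date().toISOString()
        : date.toISOString();
}

/**
 * Create a security-aware error.
 *
 * The returned Error keeps the raw text in `message` and the raw caller data
 * in `context`; only `sanitizedMessage` has been passed through the sanitizer.
 * Anything shown to an end user or written to a shared log should use
 * `sanitizedMessage`.
 *
 * @param {string} message - Raw, possibly sensitive, error text.
 * @param {string} type - One of `exports.ErrorType`.
 * @param {string} severity - One of `exports.ErrorSeverity`.
 * @param {string} code - Application error code.
 * @param {object} [context] - Extra fields (operation, userId, sessionId,
 *   ipAddress, timestamp, ...). May be omitted.
 * @param {boolean} [isRetryable=false] - Whether the caller may retry.
 * @returns {Error} Error carrying type, severity, code, context, isRetryable
 *   and sanitizedMessage properties.
 */
function createSecurityError(message, type, severity, code, context, isRetryable = false) {
    // A missing context used to throw a TypeError that hid the real failure.
    const details = context == null ? {} : context;
    const error = new Error(message);
    error.type = type;
    error.severity = severity;
    error.code = code;
    error.context = {
        ...details,
        // Defaults are written after the spread so that an explicit
        // `operation: undefined` cannot erase them.
        operation: details.operation || "unknown",
        timestamp: details.timestamp == null ? new Date() : details.timestamp,
    };
    error.isRetryable = isRetryable;
    // error.message is already string-coerced by the Error constructor
    error.sanitizedMessage = sanitizeErrorMessage(error.message, type);
    return error;
}

/**
 * Sanitize error messages to prevent information leakage.
 *
 * Authentication, authorization and cryptographic errors are replaced by
 * fixed generic messages. Every other type is passed through pattern-based
 * redaction, which is a best-effort heuristic: a short secret that appears
 * without a recognisable label is not detected, so secrets should not be put
 * into error messages in the first place.
 *
 * @param {string} message - Raw error text.
 * @param {string} type - One of `exports.ErrorType`.
 * @returns {string} Text intended to be safe to display or log.
 */
function sanitizeErrorMessage(message, type) {
    const text = message == null ? "" : String(message);

    // For authentication/authorization errors, use generic messages
    if (type === exports.ErrorType.AUTHENTICATION ||
        type === exports.ErrorType.AUTHORIZATION) {
        return "Authentication failed. Please check your credentials.";
    }

    // For cryptographic errors, provide helpful but not revealing messages
    if (type === exports.ErrorType.CRYPTOGRAPHIC) {
        const lowered = text.toLowerCase();
        if (lowered.includes("decrypt")) {
            return "Decryption failed. Please verify your password or key.";
        }
        if (lowered.includes("encrypt")) {
            return "Encryption failed. Please check your input data.";
        }
        if (lowered.includes("key")) {
            return "Invalid key format or size.";
        }
        return "Cryptographic operation failed.";
    }

    // Remove sensitive patterns from other error types
    return SENSITIVE_PATTERNS.reduce(
        (sanitized, pattern) => sanitized.replace(pattern, "[REDACTED]"),
        text
    );
}

/**
 * Error logging utility with security considerations.
 */
class SecurityErrorLogger {
    /**
     * @param {boolean} [logSensitiveData=false] - When true the raw
     *   `error.message` is logged instead of the sanitized one. Leave false
     *   wherever log output can reach people or systems that must not see
     *   secrets.
     */
    constructor(logSensitiveData = false) {
        this.logSensitiveData = logSensitiveData;
    }

    /**
     * Log security error with appropriate level of detail.
     *
     * @param {Error} error - Normally an error built by createSecurityError;
     *   a plain Error is tolerated and sanitized here.
     */
    logError(error) {
        const context = error.context == null ? {} : error.context;
        // Never fall back to the raw message when no sanitized one is attached.
        const safeMessage = error.sanitizedMessage == null
            ? sanitizeErrorMessage(error.message, error.type)
            : error.sanitizedMessage;
        const logEntry = {
            timestamp: toIsoTimestamp(context.timestamp),
            type: error.type,
            severity: error.severity,
            code: error.code,
            operation: context.operation,
            message: this.logSensitiveData ? error.message : safeMessage,
            // NOTE(review): these identifiers are logged even when
            // logSensitiveData is false. If sessionId is the live session
            // credential, log a hash or truncated form instead - confirm
            // against the callers.
            userId: context.userId,
            sessionId: context.sessionId,
            ipAddress: context.ipAddress,
            isRetryable: error.isRetryable,
        };

        // Log based on severity
        switch (error.severity) {
            case exports.ErrorSeverity.CRITICAL:
                console.error("CRITICAL SECURITY ERROR:", logEntry);
                // Additional alerting for critical errors
                this.alertCriticalError(error);
                break;
            case exports.ErrorSeverity.HIGH:
                console.error("HIGH SEVERITY ERROR:", logEntry);
                break;
            case exports.ErrorSeverity.MEDIUM:
                console.warn("MEDIUM SEVERITY ERROR:", logEntry);
                break;
            case exports.ErrorSeverity.LOW:
                console.info("LOW SEVERITY ERROR:", logEntry);
                break;
            default:
                // An error with a missing or unrecognised severity used to be
                // dropped without any log line at all.
                console.error("UNKNOWN SEVERITY ERROR:", logEntry);
                break;
        }
    }

    /**
     * Raise an alert for a critical error.
     *
     * @param {Error} error - The critical error.
     */
    alertCriticalError(error) {
        // TODO: In a real implementation, this would send alerts to monitoring
        // systems (like smartlogger). For now the alert goes to the console
        // only, and deliberately carries no message or context details.
        const context = error.context == null ? {} : error.context;
        console.error("CRITICAL ERROR ALERT - IMMEDIATE ATTENTION REQUIRED:", {
            code: error.code,
            operation: context.operation,
            timestamp: context.timestamp,
        });
    }
}

exports.SecurityErrorLogger = SecurityErrorLogger;
exports.createSecurityError = createSecurityError;
//# sourceMappingURL=errorHandler.js.map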