UNPKG

hide-secrets

Version:

for when you want to log objects, but hide certain restricted fields, e.g., passwords.

github.com/bcoe/hide-secrets

bcoe/hide-secrets

116 lines (97 loc) 2.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
var secret = require('../') var tap = require('tap') tap.test('it hides secrets in top level keys', function (t) { var obj = { auth: 'abc123', password: '123abc' } var out = secret(obj) t.equal(out.auth, '[SECRET]') t.end() }) tap.test('it does not hide strings that are not secret', function (t) { var obj = { auth: 'abc123', email: 'ben@example.com' } var out = secret(obj) t.equal(out.auth, '[SECRET]') t.equal(out.email, 'ben@example.com') t.end() }) tap.test('it hides secrets in arrays', function (t) { var obj = { auth: ['a', 'b'], email: 'ben@example.com' } var out = secret(obj) t.equal(out.auth[0], '[SECRET]') t.equal(out.auth[1], '[SECRET]') t.equal(out.email, 'ben@example.com') t.end() }) tap.test('it hides secrets in objects', function (t) { var obj = { auth: { foo: 'a', bar: 'b' }, email: 'ben@example.com' } var out = secret(obj) t.equal(out.auth.foo, '[SECRET]') t.equal(out.auth.bar, '[SECRET]') t.equal(out.email, 'ben@example.com') t.end() }) tap.test('it hides secrets nested in objects', function (t) { var obj = { credentials: { body: { email: 'ben@example.com', pass: 'abc123' } } } var out = secret(obj) t.equal(out.credentials.body.pass, '[SECRET]') t.equal(out.credentials.body.email, 'ben@example.com') t.end() }) tap.test('it hides secrets in inner objects and arrays', function (t) { var obj = { credentials: { body: { password: { foo: 'bar' }, pass: ['abc123'] } } } var out = secret(obj) t.equal(out.credentials.body.password.foo, '[SECRET]') t.equal(out.credentials.body.pass[0], '[SECRET]') t.end() }) tap.test('it does not explode if a null object is passed in', function (t) { var out = secret(null) t.equal(out, null) t.end() }) tap.test('it does not explode if a string is passed in', function (t) { var out = secret('hello') t.equal(out, 'hello') t.end() }) tap.test('it does not hide empty strings', function (t) { var obj = { auth: '' } var out = secret(obj) t.equal(out.auth, '') t.end() }) tap.test('it uses custom bad words', function (t) { var obj = { identity: '-----BEGIN RSA PRIVATE KEY-----' } var out = secret(obj, { badWords: 'identity' }) t.equal(out.identity, '[SECRET]') t.end() })