@@ -28,20 +28,57 @@ function generateEvent({ context, addons }: {context?: Json, addons?: EventAddon
2828}
2929
3030/**
31- * Example of object with sensitive information
31+ * Example of object with sensitive information.
32+ * Keys intentionally use snake_case/kebab-case to match data-filter list.
3233 */
34+ /* eslint-disable @typescript-eslint/naming-convention */
3335const sensitiveDataMock = {
3436 pan : '5500 0000 0000 0004' ,
3537 secret : 'D6A03F5C2E0E356F262D56F44370E1CD813583B2' ,
3638 credentials : '70BA33708CBFB103F1A8E34AFEF333BA7DC021022B2D9AAA583AABB8058D8D67' ,
3739 'card[number]' : '5500 0000 0000 0004' ,
3840 password : 'bFb7PBm6nZ7RJRq9' ,
41+ oldpassword : 'oldSecret123' ,
42+ newpassword : 'newSecret456' ,
43+ 'old-password' : 'oldSecretHyphen' ,
44+ old_password : 'oldSecretUnderscore' ,
45+ 'new-password' : 'newSecretHyphen' ,
46+ new_password : 'newSecretUnderscore' ,
3947 auth : 'C4CA4238A0B923820DCC509A6F75849B' ,
40- // eslint-disable-next-line @typescript-eslint/naming-convention
4148 access_token : '70BA33708CBFB103F1A8E34AFEF333BA7DC021022B2D9AAA583AABB8058D8D67' ,
4249 accessToken : '70BA33708CBFB103F1A8E34AFEF333BA7DC021022B2D9AAA583AABB8058D8D67' ,
4350} ;
4451
52+ /**
53+ * Additional sensitive keys (newly added / previously uncovered).
54+ * Keys intentionally use snake_case to match data-filter list.
55+ */
56+ const additionalSensitiveDataMock = {
57+ authorization : 'Bearer abc123' ,
58+ token : 'token-value' ,
59+ jwt : 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9' ,
60+ session : 'sess_xyz' ,
61+ session_id : 'sid_789' ,
62+ api_key : 'sk_live_xxx' ,
63+ bearer : 'Bearer token' ,
64+ client_secret : 'client_secret_value' ,
65+ passwd : 'passwd_value' ,
66+ mysql_pwd : 'mysql_pwd_value' ,
67+ private_key : '-----BEGIN PRIVATE KEY-----' ,
68+ ssh_key : 'ssh-rsa AAAA...' ,
69+ card : '4111111111111111' ,
70+ cardnumber : '5500000000000004' ,
71+ creditcard : '4111111111111111' ,
72+ pin : '1234' ,
73+ security_code : '999' ,
74+ stripetoken : 'tok_xxx' ,
75+ cloudpayments_public_id : 'pk_xxx' ,
76+ cloudpayments_secret : 'secret_xxx' ,
77+ dsn : 'postgres://user:pass@host/db' ,
78+ ssn : '123-45-6789' ,
79+ } ;
80+ /* eslint-enable @typescript-eslint/naming-convention */
81+
4582describe ( 'GrouperWorker' , ( ) => {
4683 const dataFilter = new DataFilter ( ) ;
4784
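Review bot: The values given to `card`, `cardnumber` and `creditcard` in `additionalSensitiveDataMock` are well-formed card numbers, so these three entries may not prove that the keys are on the filter list. If DataFilter also masks card numbers by value (not visible in this hunk, though the existing `pan` entry hints at it), they would read `[filtered]` even with the key names missing from the list. Give them values no value-based rule would catch, for example `card: 'card_value',`, so the fixture pins key matching only. A one-line comment on the mock stating that every value is a constructed placeholder would also help when a secret scanner flags `sk_live_xxx` or the `-----BEGIN PRIVATE KEY-----` entry.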
@@ -123,6 +160,34 @@ describe('GrouperWorker', () => {
123160 } ) ;
124161 } ) ;
125162
163+ test ( 'should filter additional sensitive keys (authorization, token, payment, dsn, ssn, etc.) in context' , async ( ) => {
164+ const event = generateEvent ( {
165+ context : additionalSensitiveDataMock ,
166+ } ) ;
167+
168+ dataFilter . processEvent ( event ) ;
169+
170+ Object . keys ( additionalSensitiveDataMock ) . forEach ( ( key ) => {
171+ expect ( event . context [ key ] ) . toBe ( '[filtered]' ) ;
172+ } ) ;
173+ } ) ;
174+
175+ test ( 'should filter additional sensitive keys in addons' , async ( ) => {
176+ const event = generateEvent ( {
177+ addons : {
178+ vue : {
179+ props : additionalSensitiveDataMock ,
180+ } ,
181+ } ,
182+ } ) ;
183+
184+ dataFilter . processEvent ( event ) ;
185+
186+ Object . keys ( additionalSensitiveDataMock ) . forEach ( ( key ) => {
187+ expect ( event . addons [ 'vue' ] [ 'props' ] [ key ] ) . toBe ( '[filtered]' ) ;
188+ } ) ;
189+ } ) ;
190+
126191 test ( 'should not replace values with keynames not in a list' , async ( ) => {
127192 const normalValue = 'test123' ;
128193 const event = generateEvent ( {
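Review bot: The addons test can pass vacuously, because both new tests hand the shared `additionalSensitiveDataMock` object itself to `generateEvent`. The assertions read the result back from `event.context` and `event.addons`, which suggests `processEvent` rewrites values in place. The body of `generateEvent` is outside this hunk, but unless it clones its arguments, the first test leaves every fixture value already set to `[filtered]` before the second one runs. Pass a fresh copy in each test, `context: { ...additionalSensitiveDataMock },` and `props: { ...additionalSensitiveDataMock },`, and keep iterating over the fixture's keys as now.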
@@ -154,7 +219,7 @@ describe('GrouperWorker', () => {
154219 const event = generateEvent ( {
155220 context : {
156221 userId : uuidWithManyDigits ,
157- sessionId : uuidUpperCase ,
222+ requestId : uuidUpperCase ,
158223 transactionId : uuidNoDashes ,
159224 } ,
160225 addons : {
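Review bot: Swapping `sessionId` for `requestId` here, and in the matching assertion in the next hunk, removes `sessionId` from the suite without any test stating what now happens to that key. Presumably it is now treated as sensitive, but the new fixture only covers `session_id`, so matching of the camelCase spelling is not pinned by any assertion. If filtering it is intended, add a positive check such as `expect(event.context['sessionId']).toBe('[filtered]');` to one of the filtering tests. The enclosing test starts outside both hunks, so its title and the UUID constants are not visible here.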
@@ -169,7 +234,7 @@ describe('GrouperWorker', () => {
169234 dataFilter . processEvent ( event ) ;
170235
171236 expect ( event . context [ 'userId' ] ) . toBe ( uuidWithManyDigits ) ;
172- expect ( event . context [ 'sessionId ' ] ) . toBe ( uuidUpperCase ) ;
237+ expect ( event . context [ 'requestId ' ] ) . toBe ( uuidUpperCase ) ;
173238 expect ( event . context [ 'transactionId' ] ) . toBe ( uuidNoDashes ) ;
174239 expect ( event . addons [ 'vue' ] [ 'props' ] [ 'componentId' ] ) . toBe ( uuidWithManyDigits ) ;
175240 } ) ;