feat: disable some built-in regex

Author: sharevb

src/tools/sensitive-data-masker/sensitive-data-masker.service.test.ts

@@ -18,15 +18,15 @@ describe('sensitive-data-masker', () => {
 }`;
 
     it('should maks sensitive data', () => {
-      expect(maskSensitiveData(
-        data,
-      )).toBe(`{
+      expect(maskSensitiveData({
+        value: data,
+      })).toBe(`{
   email: 'jo****************om',
   creditCard: '12***************76',
   id: '3f********************************7b',
   name: 'John',
   surname: 'Doe',
-  phone: '+35**********67',
+  phone: '+3***********67',
   url: 'tr***********om',
   ip4: '83*******56',
   ip6: '20*************************01',
@@ -35,21 +35,40 @@ describe('sensitive-data-masker', () => {
 }`);
     });
     it('should maks sensitive data (with custom regex)', () => {
-      expect(maskSensitiveData(
-        data,
-        'John\nDoe',
-      )).toBe(`{
+      expect(maskSensitiveData({
+        value: data,
+        customRegex: 'John\nDoe',
+      })).toBe(`{
   email: 'jo****************om',
   creditCard: '12***************76',
   id: '3f********************************7b',
   name: '****',
   surname: '***',
-  phone: '+35**********67',
+  phone: '+3***********67',
   url: 'tr***********om',
   ip4: '83*******56',
   ip6: '20*************************01',
   mac: '3D*************4F',
   token: 'ey*****************************************************************************************************************************************************************b8',
+}`);
+    });
+
+    it('should maks sensitive data (with excluded matchers)', () => {
+      expect(maskSensitiveData({
+        value: data,
+        excludedMatchers: ['mac', 'ipv4'],
+      })).toBe(`{
+  email: 'jo****************om',
+  creditCard: '12***************76',
+  id: '3f********************************7b',
+  name: 'John',
+  surname: 'Doe',
+  phone: '+3***********67',
+  url: 'tr***********om',
+  ip4: '83.24.45.56',
+  ip6: '20*************************01',
+  mac: '3D:F2:C9:A6:B3:4F',
+  token: 'ey*****************************************************************************************************************************************************************b8',
 }`);
     });
   });

src/tools/sensitive-data-masker/sensitive-data-masker.service.ts

@@ -1,22 +1,34 @@
 import { maskString } from 'data-guardian';
+import ipRegex from 'ip-regex';
 
-const jwtRegex = /\b([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_\-\+\/=]*)\b/g;
-const phoneRegex = /\b(?:(\+\d{1,4})[-.\s]?)?(?:[(](\d{1,3})[)][-.\s]?)?(\d{1,4})[-.\s]?(\d{1,4})[-.\s]?(\d{1,9})\b/g;
+const jwtRegex = /\b([a-zA-Z0-9_=]{5,})\.([a-zA-Z0-9_=]{5,})\.([a-zA-Z0-9_\-\+\/=]{5,})\b/g;
+const phoneRegex = /(?:(\+\d{1,4})[-.\s]?)(?:[(](\d{1,3})[)][-.\s]?)?(\d{1,4})[-.\s]?(\d{1,4})[-.\s]?(\d{1,9})\b/g;
 const macRegex = /\b([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})\b/g;
-const ipv6Regex = /\b(?:(::|[0-9a-fA-F]{1,4}:{1,2})([0-9a-fA-F]{1,4}:{1,2}){0,6}([0-9a-fA-F]{1,4}|::)?)\b/g;
-const urlWithOrWithoutPrefixRegex = /\b(https?:\/\/)?(www\\.)?[-a-zA-Z0-9@:%.\_\\+~#=]{2,256}\\.[a-z]{2,6}\\b([-a-zA-Z0-9@:%\_\\+.~#?&//=]\*)\b/g;
+const urlWithOrWithoutPrefixRegex = /\b(https?:\/\/)?(www\.)?[a-zA-Z0-9@:%._+~#=-]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_+.~#?&\/=]*)\b/g;
 
-export function maskSensitiveData(value: string, customRegex?: string) {
+export type MatcherNames = 'uuid' | 'creditCard' | 'ssn' | 'url' | 'ipv4' | 'email' | 'passwordInUri' | 'mac' | 'ipv6' | 'urlWithOrWithoutPrefix' | 'jwt' | 'phone';
+
+export function maskSensitiveData({
+  value,
+  customRegex = '',
+  excludedMatchers = [],
+}: {
+  value: string
+  customRegex?: string
+  excludedMatchers?: Array<MatcherNames>
+}) {
+  excludedMatchers = excludedMatchers || [];
+  const emptyRegex = /(?:)/g;
   return maskString(value, null as never, {
     customRegex: new RegExp((customRegex || '').split('\n').map(line => `(${line})`).join('|'), 'gi'),
-    macRegex,
-    ipv6Regex,
-    urlWithOrWithoutPrefixRegex,
-    jwtRegex,
-    phoneRegex,
+    macRegex: excludedMatchers.includes('mac') ? emptyRegex : macRegex,
+    ipv6Regex: excludedMatchers.includes('ipv6') ? emptyRegex : ipRegex.v6({ includeBoundaries: false }),
+    urlWithOrWithoutPrefixRegex: excludedMatchers.includes('urlWithOrWithoutPrefix') ? emptyRegex : urlWithOrWithoutPrefixRegex,
+    jwtRegex: excludedMatchers.includes('jwt') ? emptyRegex : jwtRegex,
+    phoneRegex: excludedMatchers.includes('phone') ? emptyRegex : phoneRegex,
   }, {
-    excludeMatchers: [
+    excludeMatchers: [...excludedMatchers, ...[
       'passwordMention', 'password', 'passwordSubstring',
-    ],
+    ]],
   });
 }

src/tools/sensitive-data-masker/sensitive-data-masker.vue

@@ -1,5 +1,5 @@
 <script setup lang="ts">
-import { maskSensitiveData } from './sensitive-data-masker.service';
+import { type MatcherNames, maskSensitiveData } from './sensitive-data-masker.service';
 import { withDefaultOnError } from '@/utils/defaults';
 
 const defaultValue = `{
@@ -17,12 +17,18 @@ const defaultValue = `{
 }`;
 
 const customRegex = useStorage('sensitive-data:regex', '');
+const excludedMatchers = useStorage('sensitive-data:exclude', [] as string[]);
+const allMatchers = [
+  'uuid', 'creditCard', 'ssn', 'url', 'ipv4', 'email',
+  'passwordInUri', 'mac', 'ipv6', 'urlWithOrWithoutPrefix',
+  'jwt', 'phone'];
 
 function transformer(value: string) {
-  return withDefaultOnError(() => maskSensitiveData(
+  return withDefaultOnError(() => maskSensitiveData({
     value,
-    customRegex.value,
-  ), '');
+    customRegex: customRegex.value,
+    excludedMatchers: excludedMatchers.value as MatcherNames[],
+  }), '');
 }
 </script>
 
@@ -35,6 +41,16 @@ function transformer(value: string) {
       raw-text
       multiline
       rows="4"
+      mb-2
+    />
+
+    <n-select
+      v-model:value="excludedMatchers"
+      placeholder="No Fallback"
+      multiple
+      :fallback-option="false"
+      :options="allMatchers.map(v => ({ label: v, value: v }))"
+      mb-2
     />
 
     <format-transformer