feat: enhance cleaned PII and custom regexes

Author: sharevb

package.json

@@ -55,6 +55,7 @@
     "cron-validator": "^1.3.1",
     "cronstrue": "^2.26.0",
     "crypto-js": "^4.1.1",
+    "data-guardian": "^1.1.3",
     "date-fns": "^2.29.3",
     "dompurify": "^3.0.6",
     "emojilib": "^3.0.10",
@@ -70,7 +71,6 @@
     "libphonenumber-js": "^1.10.28",
     "lodash": "^4.17.21",
     "marked": "^10.0.0",
-    "mask-sensitive-data": "^0.11.5",
     "mathjs": "^11.9.1",
     "mime-types": "^2.1.35",
     "monaco-editor": "^0.43.0",

pnpm-lock.yaml

@@ -0,0 +1,56 @@
+import { describe, expect, it } from 'vitest';
+import { maskSensitiveData } from './sensitive-data-masker.service';
+
+describe('sensitive-data-masker', () => {
+  describe('maskSensitiveData', () => {
+    const data = `{
+  email: '[email protected]',
+  creditCard: '1234 5678 9000 9876',
+  id: '3f8a43fd-6489-4ec7-bd55-7a1ba172d77b',
+  name: 'John',
+  surname: 'Doe',
+  phone: '+358 40 1234567',
+  url: 'truc.google.com',
+  ip4: '83.24.45.56',
+  ip6: '2001:db8:0:85a3:0:0:ac1f:8001',
+  mac: '3D:F2:C9:A6:B3:4F',
+  token: 'eyJhbGciOiJIUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJBbGV4IEtvemxvdiIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.PNKysYFTCenU5bekHCmwIxCUXoYG41H_xc3uN3ZF_b8',
+}`;
+
+    it('should maks sensitive data', () => {
+      expect(maskSensitiveData(
+        data,
+      )).toBe(`{
+  email: 'jo****************om',
+  creditCard: '12***************76',
+  id: '3f********************************7b',
+  name: 'John',
+  surname: 'Doe',
+  phone: '+35**********67',
+  url: 'tr***********om',
+  ip4: '83*******56',
+  ip6: '20*************************01',
+  mac: '3D*************4F',
+  token: 'ey*****************************************************************************************************************************************************************b8',
+}`);
+    });
+    it('should maks sensitive data (with custom regex)', () => {
+      expect(maskSensitiveData(
+        data,
+        'John\nDoe',
+      )).toBe(`{
+  email: 'jo****************om',
+  creditCard: '12***************76',
+  id: '3f********************************7b',
+  name: '****',
+  surname: '***',
+  phone: '+35**********67',
+  url: 'tr***********om',
+  ip4: '83*******56',
+  ip6: '20*************************01',
+  mac: '3D*************4F',
+  token: 'ey*****************************************************************************************************************************************************************b8',
+}`);
+    });
+  });
+});

src/tools/sensitive-data-masker/sensitive-data-masker.service.test.ts

@@ -0,0 +1,22 @@
+import { maskString } from 'data-guardian';
+
+const jwtRegex = /\b([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_\-\+\/=]*)\b/g;
+const phoneRegex = /\b(?:(\+\d{1,4})[-.\s]?)?(?:[(](\d{1,3})[)][-.\s]?)?(\d{1,4})[-.\s]?(\d{1,4})[-.\s]?(\d{1,9})\b/g;
+const macRegex = /\b([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})\b/g;
+const ipv6Regex = /\b(?:(::|[0-9a-fA-F]{1,4}:{1,2})([0-9a-fA-F]{1,4}:{1,2}){0,6}([0-9a-fA-F]{1,4}|::)?)\b/g;
+const urlWithOrWithoutPrefixRegex = /\b(https?:\/\/)?(www\\.)?[-a-zA-Z0-9@:%.\_\\+~#=]{2,256}\\.[a-z]{2,6}\\b([-a-zA-Z0-9@:%\_\\+.~#?&//=]\*)\b/g;
+
+export function maskSensitiveData(value: string, customRegex?: string) {
+  return maskString(value, null as never, {
+    customRegex: new RegExp((customRegex || '').split('\n').map(line => `(${line})`).join('|'), 'gi'),
+    macRegex,
+    ipv6Regex,
+    urlWithOrWithoutPrefixRegex,
+    jwtRegex,
+    phoneRegex,
+  }, {
+    excludeMatchers: [
+      'passwordMention', 'password', 'passwordSubstring',
+    ],
+  });
+}

src/tools/sensitive-data-masker/sensitive-data-masker.service.ts

@@ -1,29 +1,48 @@
 <script setup lang="ts">
-import maskSensitiveData from 'mask-sensitive-data';
+import { maskSensitiveData } from './sensitive-data-masker.service';
 import { withDefaultOnError } from '@/utils/defaults';
 
-const defaultValue = `
-{
+const defaultValue = `{
   email: '[email protected]',
   creditCard: '1234 5678 9000 9876',
   id: '3f8a43fd-6489-4ec7-bd55-7a1ba172d77b',
   name: 'John',
   surname: 'Doe',
   phone: '+358 40 1234567',
+  url: 'truc.google.com',
+  ip4: '83.24.45.56',
+  ip6: '2001:db8:0:85a3:0:0:ac1f:8001',
+  mac: '3D:F2:C9:A6:B3:4F',
   token: 'eyJhbGciOiJIUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJBbGV4IEtvemxvdiIsDQogICJpYXQiOiAxNTE2MjM5MDIyDQp9.PNKysYFTCenU5bekHCmwIxCUXoYG41H_xc3uN3ZF_b8',
-}
-`;
+}`;
+
+const customRegex = useStorage('sensitive-data:regex', '');
+
 function transformer(value: string) {
-  return withDefaultOnError(() => maskSensitiveData(value), '');
+  return withDefaultOnError(() => maskSensitiveData(
+    value,
+    customRegex.value,
+  ), '');
 }
 </script>
 
 <template>
-  <format-transformer
-    input-label="Your log/textual data:"
-    :input-default="defaultValue"
-    input-placeholder="Paste your log/textual data here..."
-    output-label="Cleaned version:"
-    :transformer="transformer"
-  />
+  <div style="max-width: 600px;">
+    <c-input-text
+      v-model:value="customRegex"
+      label="Your custom cleaning regex(es) (case insensitive):"
+      placeholder="Your custom cleaning regex(es)"
+      raw-text
+      multiline
+      rows="4"
+    />
+
+    <format-transformer
+      input-label="Your log/textual data:"
+      :input-default="defaultValue"
+      input-placeholder="Paste your log/textual data here..."
+      output-label="Cleaned version:"
+      :transformer="transformer"
+    />
+  </div>
 </template>