Socket
Socket
Sign inDemoInstall

@amaabca/sensitive-param-filter

Package Overview
Dependencies
0
Maintainers
11
Versions
21
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@amaabca/sensitive-param-filter


Version published
Maintainers
11
Install size
14.4 kB
Created

Readme

Source

Sensitive Param Filter

Build Status

sensitive-param-filter is a zero-dependency package designed to filter sensitive values from JavaScript objects. This package can be used to scrub logs, filer data before outputting to a UI, etc. The defaults provided with sensitive-param-filter should work well for most applications.

Installation

Install sensitive-param-filter to your project via either npm:

npm install @amaabca/sensitive-param-filter

or yarn:

yarn add @amaabca/sensitive-param-filter

Usage

const { SensitiveParamFilter } = require('@amaabca/sensitive-param-filter')
const paramFilter = new SensitiveParamFilter()
const rawObject = {
  Authorization: 'Bearer somedatatoken',
  body: {
    info: '{ "amount": 28.64, "credit_card": "4242424242424242", "cvv": "123" }'
  },
  method: 'POST',
  url: 'https://pay.example.com?user=bob.bobbington&password=asecurepassword1234'
}
const filteredObject = paramFilter.filter(rawObject)
// filteredObject = {
//   Authorization: 'FILTERED',
//   body: {
//     info: '{ "amount": 28.64, "credit_card": "FILTERED", "cvv": "FILTERED" }'
//   },
//   method: 'POST',
//   url: 'https://pay.example.com?user=bob.bobbington&password=FILTERED'
// }

Details

sensitive-param-filter examines keys to determine which values to filter. Key matching is done in a case-insensitive, partial-macthing manner (that is, if the param AUTH is provided, Authorization, AUTHENTICATION, etc. will be filtered).

Key Features

  • Does not modify input objects
  • Performs a deep copy of the input object (note that booleans, numbers, and strings - which are immutable - are technically copied by reference)
  • Can be configued to filter out or leave "unexpected" objects (such as functions)
  • Handles circular references
  • Filters valid JSON strings
  • Filters valid and malformed URL query params
  • Filters Errors, Arrays, Maps, Sets, and simple objects

Options

const { SPFDefaultParams, SensitiveParamFilter } = require('@amaabca/sensitive-param-filter')
const filter = new SensitiveParamFilter({
  filterUnknown: false,
  params: SPFDefaultParams.concat(['data', 'email']),
  replacement: '***',
  whitelist: ['authentic', 'encryption_standard']
})
  • filterUnknown: Indicates whether "unexpected" objects (such as functions) should be filtered or returned as-is. Defaults to true

  • params: An array of string params to filter. These entries will be combined into a regex that is used by sensitive-param-filter. Setting this option overwrites the default array (SPFDefaultParams).

  • replacement: The object to replace filtered values with. Defaults to 'FILTERED'.

  • whitelist: An array of strings to exclude from filtering. For example, if pass_through is including in the whitelist, the key pass_through will not be filtered. Note that entries must match keys exactly to prevent filtering - that is, whitelisting secrets still causes secrets_store to be filtered.

Default Values

See defaults. Note that all of these values can be overridden via the options.

The default keys that are filtered are:

  • auth
  • bearer
  • credit
  • CVD
  • CVV
  • encrypt
  • PAN
  • pass
  • secret
  • token

License & Contributing

sensitive-param-filter uses the MIT license. See the license.

We welcome contributions. See contributing.

Keywords

FAQs

Last updated on 21 May 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc