Security News
OpenJS: “XZ Utils Cyberattack Likely Not an Isolated Incident”
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
By Sarah Gooding - Apr 17, 2024
@dazn/lambda-powertools-middleware-obfuscater
Advanced tools
@dazn/lambda-powertools-middleware-obfuscater
Middy middleware to obfuscate the event for logging
- 1.29.0latestnpm
- Version published
- Maintainers
- 7
- Weekly downloads
- 538
- decreased by-45.77%
- Install size
- 84.1 kB
Weekly downloads
Readme
lambda-powertools-middleware-obfuscater
A Middy middleware that will enable debug logging for a configurable % of invocations. Defaults is 1%.
Main features:
- records an error log message with the invocation event as attribute when an invocation errors. These invocation errors may be obfuscated to avoid the leaking of Personal Identifiable Information.
Getting Started
Install from NPM: npm install @dazn/lambda-powertools-middleware-obfuscater
Alternatively, if you use the template @dazn/lambda-powertools-pattern-obfuscate then this would be configured for you.
API
Accepts a configuration object of the following shape:
{
obfuscationFilter: string array formatted like ["object.key.to.obfuscate"]
}
{
Records: [
{ firstName: "personal" secondName: "identifiable" email: "inform@ti.on" },
{ firstName: "second" secondName: "personal" email: "inform@ti.on" }
]
}
// To filter the above object you would pass
const obfuscationFilter = ["Records.*.firstName", "Records.*.secondName", "Records.*.email"]
The output would be...
{
Records: [
{ firstName: "********" secondName: "************" email: "******@**.**" },
{ firstName: "******" secondName: "********" email: "******@**.**" }
]
}
similarly, you can filter entire objects, for instance.
const obfuscationFilter = ["Records.*.personal"]
{
Records: [
{ personal: { firstName: "********" secondName: "************" email: "******@**.**" } }.
{ personal: { firstName: "******" secondName: "********" email: "******@**.**", address: { postcode: "******", street: "* ****** ***", country: "**" }}}
]
}
This will recursively filter every object and subobjects
const middy = require('middy')
const obfuscatedLogging = require('@dazn/lambda-powertools-middleware-obfuscater')
const handler = async (event, context) => {
return 42
}
module.exports = middy(handler)
.use(obfuscatedLogging.obfuscaterMiddleware({ sampleRate: 0.01, obfuscationFilters: ["example.example"] }))
}
This middleware is often used alongside the @dazn/lambda-powertools-middleware-correlation-ids middleware to implement sample logging. It's recommended that you use the @dazn/lambda-powertools-pattern-obfuscate which configures both to enable debug logging at 1% of invocations.
FAQs
Middy middleware to obfuscate the event for logging
The npm package @dazn/lambda-powertools-middleware-obfuscater receives a total of 361 weekly downloads. As such, @dazn/lambda-powertools-middleware-obfuscater popularity was classified as not popular.
We found that @dazn/lambda-powertools-middleware-obfuscater demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Last updated on 04 May 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Company News
Connect with Socket at RSA and BSidesSF 2024
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
By Sarah Gooding - Apr 15, 2024
Security News
OSI to Lead Discussions on Navigating the Challenges of Doing Business with Open Source
OSI is starting a conversation aimed at removing the excuse of the SaaS loophole for companies navigating licensing and the complexities of doing business with open source.
By Sarah Gooding - Apr 12, 2024