@opentelemetry/redis-common - npm Package Compare versions

Comparing version 0.38.2 to 0.38.3

build/src/index.d.ts

 /// <reference types="node" />
+/// <reference types="node" />
 export type DbStatementSerializer = (cmdName: string, cmdArgs: Array<string | Buffer | number | any[]>) => string;
@@ -3,0 +4,0 @@ /**

build/src/index.js

 "use strict";
 /*
  * Copyright The OpenTelemetry Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0
  */
@@ -33,3 +22,3 @@ Object.defineProperty(exports, "__esModule", { value: true });
     {
-        regex: /^(LPUSH|MSET|PFA|PUBLISH|RPUSH|SADD|SET|SPUBLISH|XADD|ZADD)/i,
+        regex: /^(GETSET|LPUSH|MSET|PFA|PSETEX|PUBLISH|RPUSH|SADD|SET|SPUBLISH|XADD|ZADD)/i,
         args: 1,
@@ -41,4 +30,10 @@ },
     },
+    // ACL and CONFIG subcommands may contain sensitive data (e.g. passwords),
+    // so only serialize the subcommand name (first argument).
     {
-        regex: /^(ACL|BIT|B[LRZ]|CLIENT|CLUSTER|CONFIG|COMMAND|DECR|DEL|EVAL|EX|FUNCTION|GEO|GET|HINCR|HMGET|HSCAN|INCR|L[TRLM]|MEMORY|P[EFISTU]|RPOP|S[CDIMORSU]|XACK|X[CDGILPRT]|Z[CDILMPRS])/i,
+        regex: /^(ACL|CONFIG)/i,
+        args: 1,
+    },
+    {
+        regex: /^(BIT|B[LRZ]|CLIENT|CLUSTER|COMMAND|DECR|DEL|EVAL|EX|FUNCTION|GEO|GET|HINCR|HMGET|HSCAN|INCR|L[TRLM]|MEMORY|P[EFISTU]|RPOP|S[CDIMORSU]|XACK|X[CDGILPRT]|Z[CDILMPRS])/i,
         args: -1,
@@ -45,0 +40,0 @@ },

build/src/index.js.map

@@ -1,1 +0,1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAEH;;;;;;;GAOG;AACH,MAAM,oBAAoB,GAAG;IAC3B;QACE,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,CAAC;KACR;IACD;QACE,KAAK,EAAE,8DAA8D;QACrE,IAAI,EAAE,CAAC;KACR;IACD;QACE,KAAK,EAAE,6BAA6B;QACpC,IAAI,EAAE,CAAC;KACR;IACD;QACE,KAAK,EACH,kLAAkL;QACpL,IAAI,EAAE,CAAC,CAAC;KACT;CACF,CAAC;AAOF;;;;;;GAMG;AACI,MAAM,4BAA4B,GAA0B,CACjE,OAAO,EACP,OAAO,EACP,EAAE;IACF,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,EAAE;QAC5C,MAAM,gBAAgB,GACpB,oBAAoB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;YACtC,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC,CAAC;QAChB,MAAM,eAAe,GACnB,gBAAgB,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACvE,IAAI,OAAO,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE;YAC3C,eAAe,CAAC,IAAI,CAClB,IAAI,OAAO,CAAC,MAAM,GAAG,gBAAgB,mBAAmB,CACzD,CAAC;SACH;QACD,OAAO,GAAG,OAAO,IAAI,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;KAClD;IACD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAnBW,QAAA,4BAA4B,gCAmBvC","sourcesContent":["/*\n * Copyright The OpenTelemetry Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *      https://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * List of regexes and the number of arguments that should be serialized for matching commands.\n * For example, HSET should serialize which key and field it's operating on, but not its value.\n * Setting the subset to -1 will serialize all arguments.\n * Commands without a match will have their first argument serialized.\n *\n * Refer to https://redis.io/commands/ for the full list.\n */\nconst serializationSubsets = [\n  {\n    regex: /^ECHO/i,\n    args: 0,\n  },\n  {\n    regex: /^(LPUSH|MSET|PFA|PUBLISH|RPUSH|SADD|SET|SPUBLISH|XADD|ZADD)/i,\n    args: 1,\n  },\n  {\n    regex: /^(HSET|HMSET|LSET|LINSERT)/i,\n    args: 2,\n  },\n  {\n    regex:\n      /^(ACL|BIT|B[LRZ]|CLIENT|CLUSTER|CONFIG|COMMAND|DECR|DEL|EVAL|EX|FUNCTION|GEO|GET|HINCR|HMGET|HSCAN|INCR|L[TRLM]|MEMORY|P[EFISTU]|RPOP|S[CDIMORSU]|XACK|X[CDGILPRT]|Z[CDILMPRS])/i,\n    args: -1,\n  },\n];\n\nexport type DbStatementSerializer = (\n  cmdName: string,\n  cmdArgs: Array<string | Buffer | number | any[]>\n) => string;\n\n/**\n * Given the redis command name and arguments, return a combination of the\n * command name + the allowed arguments according to `serializationSubsets`.\n * @param cmdName The redis command name\n * @param cmdArgs The redis command arguments\n * @returns a combination of the command name + args according to `serializationSubsets`.\n */\nexport const defaultDbStatementSerializer: DbStatementSerializer = (\n  cmdName,\n  cmdArgs\n) => {\n  if (Array.isArray(cmdArgs) && cmdArgs.length) {\n    const nArgsToSerialize =\n      serializationSubsets.find(({ regex }) => {\n        return regex.test(cmdName);\n      })?.args ?? 0;\n    const argsToSerialize =\n      nArgsToSerialize >= 0 ? cmdArgs.slice(0, nArgsToSerialize) : cmdArgs;\n    if (cmdArgs.length > argsToSerialize.length) {\n      argsToSerialize.push(\n        `[${cmdArgs.length - nArgsToSerialize} other arguments]`\n      );\n    }\n    return `${cmdName} ${argsToSerialize.join(' ')}`;\n  }\n  return cmdName;\n};\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH;;;;;;;GAOG;AACH,MAAM,oBAAoB,GAAG;IAC3B;QACE,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,CAAC;KACR;IACD;QACE,KAAK,EACH,4EAA4E;QAC9E,IAAI,EAAE,CAAC;KACR;IACD;QACE,KAAK,EAAE,6BAA6B;QACpC,IAAI,EAAE,CAAC;KACR;IACD,0EAA0E;IAC1E,0DAA0D;IAC1D;QACE,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,CAAC;KACR;IACD;QACE,KAAK,EACH,uKAAuK;QACzK,IAAI,EAAE,CAAC,CAAC;KACT;CACF,CAAC;AAOF;;;;;;GAMG;AACI,MAAM,4BAA4B,GAA0B,CACjE,OAAO,EACP,OAAO,EACP,EAAE;IACF,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,EAAE;QAC5C,MAAM,gBAAgB,GACpB,oBAAoB,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;YACtC,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC,CAAC;QAChB,MAAM,eAAe,GACnB,gBAAgB,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACvE,IAAI,OAAO,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE;YAC3C,eAAe,CAAC,IAAI,CAClB,IAAI,OAAO,CAAC,MAAM,GAAG,gBAAgB,mBAAmB,CACzD,CAAC;SACH;QACD,OAAO,GAAG,OAAO,IAAI,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;KAClD;IACD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAnBW,QAAA,4BAA4B,gCAmBvC","sourcesContent":["/*\n * Copyright The OpenTelemetry Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\n/**\n * List of regexes and the number of arguments that should be serialized for matching commands.\n * For example, HSET should serialize which key and field it's operating on, but not its value.\n * Setting the subset to -1 will serialize all arguments.\n * Commands without a match will have their first argument serialized.\n *\n * Refer to https://redis.io/commands/ for the full list.\n */\nconst serializationSubsets = [\n  {\n    regex: /^ECHO/i,\n    args: 0,\n  },\n  {\n    regex:\n      /^(GETSET|LPUSH|MSET|PFA|PSETEX|PUBLISH|RPUSH|SADD|SET|SPUBLISH|XADD|ZADD)/i,\n    args: 1,\n  },\n  {\n    regex: /^(HSET|HMSET|LSET|LINSERT)/i,\n    args: 2,\n  },\n  // ACL and CONFIG subcommands may contain sensitive data (e.g. passwords),\n  // so only serialize the subcommand name (first argument).\n  {\n    regex: /^(ACL|CONFIG)/i,\n    args: 1,\n  },\n  {\n    regex:\n      /^(BIT|B[LRZ]|CLIENT|CLUSTER|COMMAND|DECR|DEL|EVAL|EX|FUNCTION|GEO|GET|HINCR|HMGET|HSCAN|INCR|L[TRLM]|MEMORY|P[EFISTU]|RPOP|S[CDIMORSU]|XACK|X[CDGILPRT]|Z[CDILMPRS])/i,\n    args: -1,\n  },\n];\n\nexport type DbStatementSerializer = (\n  cmdName: string,\n  cmdArgs: Array<string | Buffer | number | any[]>\n) => string;\n\n/**\n * Given the redis command name and arguments, return a combination of the\n * command name + the allowed arguments according to `serializationSubsets`.\n * @param cmdName The redis command name\n * @param cmdArgs The redis command arguments\n * @returns a combination of the command name + args according to `serializationSubsets`.\n */\nexport const defaultDbStatementSerializer: DbStatementSerializer = (\n  cmdName,\n  cmdArgs\n) => {\n  if (Array.isArray(cmdArgs) && cmdArgs.length) {\n    const nArgsToSerialize =\n      serializationSubsets.find(({ regex }) => {\n        return regex.test(cmdName);\n      })?.args ?? 0;\n    const argsToSerialize =\n      nArgsToSerialize >= 0 ? cmdArgs.slice(0, nArgsToSerialize) : cmdArgs;\n    if (cmdArgs.length > argsToSerialize.length) {\n      argsToSerialize.push(\n        `[${cmdArgs.length - nArgsToSerialize} other arguments]`\n      );\n    }\n    return `${cmdName} ${argsToSerialize.join(' ')}`;\n  }\n  return cmdName;\n};\n"]}

build/test/redis-common.test.js

@@ -5,14 +5,3 @@ "use strict";
  * Copyright The OpenTelemetry Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0
  */
@@ -48,2 +37,49 @@ const index_1 = require("../src/index");
         },
+        // ACL subcommands with sensitive data should be redacted
+        {
+            cmdName: 'ACL',
+            cmdArgs: [
+                'SETUSER',
+                'alice',
+                'on',
+                '>MySecretPass',
+                '~user:alice:*',
+                '+@read',
+                '+@write',
+            ],
+            expected: 'ACL SETUSER [6 other arguments]',
+        },
+        {
+            cmdName: 'ACL',
+            cmdArgs: ['WHOAMI'],
+            expected: 'ACL WHOAMI',
+        },
+        {
+            cmdName: 'ACL',
+            cmdArgs: ['LIST'],
+            expected: 'ACL LIST',
+        },
+        // CONFIG subcommands with sensitive data should be redacted
+        {
+            cmdName: 'CONFIG',
+            cmdArgs: ['SET', 'requirepass', 'MyNewPassword123'],
+            expected: 'CONFIG SET [2 other arguments]',
+        },
+        {
+            cmdName: 'CONFIG',
+            cmdArgs: ['GET', 'maxmemory'],
+            expected: 'CONFIG GET [1 other arguments]',
+        },
+        // GETSET (deprecated) args should be redacted since it can contain sensitive data
+        {
+            cmdName: 'GETSET',
+            cmdArgs: ['key', 'secret_value'],
+            expected: 'GETSET key [1 other arguments]',
+        },
+        // PSETEX (deprecated) can also contain sensitive data
+        {
+            cmdName: 'PSETEX',
+            cmdArgs: ['key', '100000', 'secret_value'],
+            expected: 'PSETEX key [2 other arguments]',
+        },
     ].forEach(({ cmdName, cmdArgs, expected }) => {
@@ -50,0 +86,0 @@ it(`should serialize the correct number of arguments for ${cmdName}`, () => {

build/test/redis-common.test.js.map

@@ -1,1 +0,1 @@
-{"version":3,"file":"redis-common.test.js","sourceRoot":"","sources":["../../test/redis-common.test.ts"],"names":[],"mappings":";;AAAA;;;;;;;;;;;;;;GAcG;AACH,wCAA4D;AAC5D,iCAAiC;AAEjC,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C;QACE;YACE,OAAO,EAAE,SAAS;YAClB,OAAO,EAAE,CAAC,WAAW,CAAC;YACtB,QAAQ,EAAE,6BAA6B;SACxC;QACD;YACE,OAAO,EAAE,MAAM;YACf,OAAO,EAAE,CAAC,MAAM,CAAC;YACjB,QAAQ,EAAE,0BAA0B;SACrC;QACD;YACE,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;YAC1B,QAAQ,EAAE,gCAAgC;SAC3C;QACD;YACE,OAAO,EAAE,MAAM;YACf,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;YACnC,QAAQ,EAAE,qCAAqC;SAChD;QACD;YACE,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;YACnB,QAAQ,EAAE,cAAc;SACzB;KACF,CAAC,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE;QAC3C,EAAE,CAAC,wDAAwD,OAAO,EAAE,EAAE,GAAG,EAAE;YACzE,MAAM,CAAC,WAAW,CAChB,IAAA,oCAA4B,EAAC,OAAO,EAAE,OAAO,CAAC,EAC9C,QAAQ,CACT,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["/*\n * Copyright The OpenTelemetry Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *      https://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { defaultDbStatementSerializer } from '../src/index';\nimport * as assert from 'assert';\n\ndescribe('#defaultDbStatementSerializer()', () => {\n  [\n    {\n      cmdName: 'UNKNOWN',\n      cmdArgs: ['something'],\n      expected: 'UNKNOWN [1 other arguments]',\n    },\n    {\n      cmdName: 'ECHO',\n      cmdArgs: ['echo'],\n      expected: 'ECHO [1 other arguments]',\n    },\n    {\n      cmdName: 'LPUSH',\n      cmdArgs: ['list', 'value'],\n      expected: 'LPUSH list [1 other arguments]',\n    },\n    {\n      cmdName: 'HSET',\n      cmdArgs: ['hash', 'field', 'value'],\n      expected: 'HSET hash field [1 other arguments]',\n    },\n    {\n      cmdName: 'INCRBY',\n      cmdArgs: ['key', 5],\n      expected: 'INCRBY key 5',\n    },\n  ].forEach(({ cmdName, cmdArgs, expected }) => {\n    it(`should serialize the correct number of arguments for ${cmdName}`, () => {\n      assert.strictEqual(\n        defaultDbStatementSerializer(cmdName, cmdArgs),\n        expected\n      );\n    });\n  });\n});\n"]}
+{"version":3,"file":"redis-common.test.js","sourceRoot":"","sources":["../../test/redis-common.test.ts"],"names":[],"mappings":";;AAAA;;;GAGG;AACH,wCAA4D;AAC5D,iCAAiC;AAEjC,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C;QACE;YACE,OAAO,EAAE,SAAS;YAClB,OAAO,EAAE,CAAC,WAAW,CAAC;YACtB,QAAQ,EAAE,6BAA6B;SACxC;QACD;YACE,OAAO,EAAE,MAAM;YACf,OAAO,EAAE,CAAC,MAAM,CAAC;YACjB,QAAQ,EAAE,0BAA0B;SACrC;QACD;YACE,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;YAC1B,QAAQ,EAAE,gCAAgC;SAC3C;QACD;YACE,OAAO,EAAE,MAAM;YACf,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;YACnC,QAAQ,EAAE,qCAAqC;SAChD;QACD;YACE,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;YACnB,QAAQ,EAAE,cAAc;SACzB;QACD,yDAAyD;QACzD;YACE,OAAO,EAAE,KAAK;YACd,OAAO,EAAE;gBACP,SAAS;gBACT,OAAO;gBACP,IAAI;gBACJ,eAAe;gBACf,eAAe;gBACf,QAAQ;gBACR,SAAS;aACV;YACD,QAAQ,EAAE,iCAAiC;SAC5C;QACD;YACE,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,CAAC,QAAQ,CAAC;YACnB,QAAQ,EAAE,YAAY;SACvB;QACD;YACE,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,CAAC,MAAM,CAAC;YACjB,QAAQ,EAAE,UAAU;SACrB;QACD,4DAA4D;QAC5D;YACE,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,kBAAkB,CAAC;YACnD,QAAQ,EAAE,gCAAgC;SAC3C;QACD;YACE,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,CAAC,KAAK,EAAE,WAAW,CAAC;YAC7B,QAAQ,EAAE,gCAAgC;SAC3C;QACD,kFAAkF;QAClF;YACE,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,CAAC,KAAK,EAAE,cAAc,CAAC;YAChC,QAAQ,EAAE,gCAAgC;SAC3C;QACD,sDAAsD;QACtD;YACE,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC;YAC1C,QAAQ,EAAE,gCAAgC;SAC3C;KACF,CAAC,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE;QAC3C,EAAE,CAAC,wDAAwD,OAAO,EAAE,EAAE,GAAG,EAAE;YACzE,MAAM,CAAC,WAAW,CAChB,IAAA,oCAA4B,EAAC,OAAO,EAAE,OAAO,CAAC,EAC9C,QAAQ,CACT,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["/*\n * Copyright The OpenTelemetry Authors\n * SPDX-License-Identifier: Apache-2.0\n */\nimport { defaultDbStatementSerializer } from '../src/index';\nimport * as assert from 'assert';\n\ndescribe('#defaultDbStatementSerializer()', () => {\n  [\n    {\n      cmdName: 'UNKNOWN',\n      cmdArgs: ['something'],\n      expected: 'UNKNOWN [1 other arguments]',\n    },\n    {\n      cmdName: 'ECHO',\n      cmdArgs: ['echo'],\n      expected: 'ECHO [1 other arguments]',\n    },\n    {\n      cmdName: 'LPUSH',\n      cmdArgs: ['list', 'value'],\n      expected: 'LPUSH list [1 other arguments]',\n    },\n    {\n      cmdName: 'HSET',\n      cmdArgs: ['hash', 'field', 'value'],\n      expected: 'HSET hash field [1 other arguments]',\n    },\n    {\n      cmdName: 'INCRBY',\n      cmdArgs: ['key', 5],\n      expected: 'INCRBY key 5',\n    },\n    // ACL subcommands with sensitive data should be redacted\n    {\n      cmdName: 'ACL',\n      cmdArgs: [\n        'SETUSER',\n        'alice',\n        'on',\n        '>MySecretPass',\n        '~user:alice:*',\n        '+@read',\n        '+@write',\n      ],\n      expected: 'ACL SETUSER [6 other arguments]',\n    },\n    {\n      cmdName: 'ACL',\n      cmdArgs: ['WHOAMI'],\n      expected: 'ACL WHOAMI',\n    },\n    {\n      cmdName: 'ACL',\n      cmdArgs: ['LIST'],\n      expected: 'ACL LIST',\n    },\n    // CONFIG subcommands with sensitive data should be redacted\n    {\n      cmdName: 'CONFIG',\n      cmdArgs: ['SET', 'requirepass', 'MyNewPassword123'],\n      expected: 'CONFIG SET [2 other arguments]',\n    },\n    {\n      cmdName: 'CONFIG',\n      cmdArgs: ['GET', 'maxmemory'],\n      expected: 'CONFIG GET [1 other arguments]',\n    },\n    // GETSET (deprecated) args should be redacted since it can contain sensitive data\n    {\n      cmdName: 'GETSET',\n      cmdArgs: ['key', 'secret_value'],\n      expected: 'GETSET key [1 other arguments]',\n    },\n    // PSETEX (deprecated) can also contain sensitive data\n    {\n      cmdName: 'PSETEX',\n      cmdArgs: ['key', '100000', 'secret_value'],\n      expected: 'PSETEX key [2 other arguments]',\n    },\n  ].forEach(({ cmdName, cmdArgs, expected }) => {\n    it(`should serialize the correct number of arguments for ${cmdName}`, () => {\n      assert.strictEqual(\n        defaultDbStatementSerializer(cmdName, cmdArgs),\n        expected\n      );\n    });\n  });\n});\n"]}

package.json

 {
   "name": "@opentelemetry/redis-common",
-  "version": "0.38.2",
+  "version": "0.38.3",
   "description": "Redis utilities for redis instrumentations",
@@ -13,4 +13,2 @@ "main": "build/src/index.js",
     "compile:with-dependencies": "nx run-many -t compile -p @opentelemetry/redis-common",
-    "lint": "eslint . --ext=ts,js,mjs",
-    "lint:fix": "eslint . --ext=ts,js,mjs --fix",
     "prepublishOnly": "npm run compile",
@@ -43,9 +41,3 @@ "test": "nyc mocha 'test/**/*.test.ts'",
   "homepage": "https://github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/redis-common#readme",
-  "devDependencies": {
-    "@types/mocha": "^10.0.0",
-    "@types/node": "18.18.14",
-    "nyc": "17.1.0",
-    "typescript": "5.0.4"
-  },
-  "gitHead": "5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46"
+  "gitHead": "bd017c86bcdf369d7bc1b490e455f95b25385779"
 }

New alerts

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26128

7.02%

Dev dependency count

0

-100%

Lines of code

160

25%

No dependency changes