fast-redact - npm Package Compare versions

Comparing version 3.1.2 to 3.2.0

lib/modifiers.js

@@ -47,16 +47,20 @@ 'use strict'
   for (var i = 0; i < length; i++) {
-    const { key, target, value } = arr[i]
-    if (has(target, key)) {
-      target[key] = value
-    }
-    /* istanbul ignore else */
-    if (typeof target === 'object') {
-      const targetKeys = Object.keys(target)
-      for (var j = 0; j < targetKeys.length; j++) {
-        const tKey = targetKeys[j]
-        const subTarget = target[tKey]
-        if (has(subTarget, key)) {
-          subTarget[key] = value
+    const { key, target, value, level } = arr[i]
+    if (level === 0 || level === 1) {
+      if (has(target, key)) {
+        target[key] = value
+      }
+      /* istanbul ignore else */
+      if (typeof target === 'object') {
+        const targetKeys = Object.keys(target)
+        for (var j = 0; j < targetKeys.length; j++) {
+          const tKey = targetKeys[j]
+          const subTarget = target[tKey]
+          if (has(subTarget, key)) {
+            subTarget[key] = value
+          }
         }
       }
+    } else {
+      restoreNthLevel(key, target, value, level)
     }
@@ -73,7 +77,7 @@ }
     const key = keys[i]
-    const { value, parent, exists } =
+    const { value, parent, exists, level } =
       specialSet(target, key, path, ns, censor, isCensorFct, censorFctTakesPath)
 
     if (exists === true && parent !== null) {
-      store.push({ key: ns[ns.length - 1], target: parent, value })
+      store.push({ key: ns[ns.length - 1], target: parent, value, level })
     }
@@ -101,2 +105,6 @@ }
   var wc = null
+  var kIsWc
+  var wcov
+  var consecutive = false
+  var level = 0
   ov = n = o[k]
@@ -112,2 +120,5 @@ if (typeof n !== 'object') return { value: null, parent: null, exists }
     if (k === '*') {
+      if (wc === '*') {
+        consecutive = true
+      }
       wc = k
@@ -122,23 +133,28 @@ if (i !== lastPathIndex) {
         const wck = wcKeys[j]
-        const wcov = n[wck]
-        const kIsWc = k === '*'
-        if (kIsWc || (typeof wcov === 'object' && wcov !== null && k in wcov)) {
-          if (kIsWc) {
-            ov = wcov
-          } else {
-            ov = wcov[k]
-          }
-          nv = (i !== lastPathIndex)
-            ? ov
-            : (isCensorFct
-              ? (censorFctTakesPath ? censor(ov, [...path, originalKey, ...afterPath]) : censor(ov))
-              : censor)
-          if (kIsWc) {
-            n[wck] = nv
-          } else {
-            if (wcov[k] === nv) {
-              exists = false
+        wcov = n[wck]
+        kIsWc = k === '*'
+        if (consecutive) {
+          level = i
+          ov = iterateNthLevel(wcov, level - 1, k, path, afterPath, censor, isCensorFct, censorFctTakesPath, originalKey, n, nv, ov, kIsWc, wck, i, lastPathIndex, exists)
+        } else {
+          if (kIsWc || (typeof wcov === 'object' && wcov !== null && k in wcov)) {
+            if (kIsWc) {
+              ov = wcov
             } else {
-              wcov[k] = (nv === undefined && censor !== undefined) || (has(wcov, k) && nv === ov) ? wcov[k] : nv
+              ov = wcov[k]
             }
+            nv = (i !== lastPathIndex)
+              ? ov
+              : (isCensorFct
+                ? (censorFctTakesPath ? censor(ov, [...path, originalKey, ...afterPath]) : censor(ov))
+                : censor)
+            if (kIsWc) {
+              n[wck] = nv
+            } else {
+              if (wcov[k] === nv) {
+                exists = false
+              } else {
+                wcov[k] = (nv === undefined && censor !== undefined) || (has(wcov, k) && nv === ov) ? wcov[k] : nv
+              }
+            }
           }
@@ -160,7 +176,8 @@ }
     // prevent circular structure, see https://github.com/pinojs/pino/issues/1513
-    if (ov === oov) {
+    if (ov === oov || typeof ov === 'undefined') {
       exists = false
     }
   }
-  return { value: ov, parent: oov, exists }
+
+  return { value: ov, parent: oov, exists, level }
 }
@@ -177,1 +194,48 @@
 }
+
+function iterateNthLevel (wcov, level, k, path, afterPath, censor, isCensorFct, censorFctTakesPath, originalKey, n, nv, ov, kIsWc, wck, i, lastPathIndex, exists) {
+  if (level === 0) {
+    if (kIsWc || (typeof wcov === 'object' && wcov !== null && k in wcov)) {
+      if (kIsWc) {
+        ov = wcov
+      } else {
+        ov = wcov[k]
+      }
+      nv = (i !== lastPathIndex)
+        ? ov
+        : (isCensorFct
+          ? (censorFctTakesPath ? censor(ov, [...path, originalKey, ...afterPath]) : censor(ov))
+          : censor)
+      if (kIsWc) {
+        n[wck] = nv
+      } else {
+        if (wcov[k] === nv) {
+          exists = false
+        } else {
+          wcov[k] = (nv === undefined && censor !== undefined) || (has(wcov, k) && nv === ov) ? wcov[k] : nv
+        }
+      }
+    }
+    return ov
+  }
+  for (const key in wcov) {
+    if (typeof wcov[key] === 'object') {
+      var temp = iterateNthLevel(wcov[key], level - 1, k, path, afterPath, censor, isCensorFct, censorFctTakesPath, originalKey, n, nv, ov, kIsWc, wck, i, lastPathIndex, exists)
+      return temp
+    }
+  }
+}
+
+function restoreNthLevel (key, target, value, level) {
+  if (level === 0) {
+    if (has(target, key)) {
+      target[key] = value
+    }
+    return
+  }
+  for (const objKey in target) {
+    if (typeof target[objKey] === 'object') {
+      restoreNthLevel(key, target[objKey], value, level - 1)
+    }
+  }
+}

lib/validator.js

 'use strict'
 
-const { createContext, runInContext } = require('vm')
-
 module.exports = validator
@@ -20,15 +18,12 @@
         if (/〇/.test(s)) throw Error()
-        const proxy = new Proxy({}, { get: () => proxy, set: () => { throw Error() } })
         const expr = (s[0] === '[' ? '' : '.') + s.replace(/^\*/, '〇').replace(/\.\*/g, '.〇').replace(/\[\*\]/g, '[〇]')
         if (/\n|\r|;/.test(expr)) throw Error()
         if (/\/\*/.test(expr)) throw Error()
-        runInContext(`
-          (function () {
+        /* eslint-disable-next-line */
+        Function(`
             'use strict'
+            const o = new Proxy({}, { get: () => o, set: () => { throw Error() } });
+            const 〇 = null;
             o${expr}
-            if ([o${expr}].length !== 1) throw Error()
-          })()
-        `, createContext({ o: proxy, 〇: null }), {
-          codeGeneration: { strings: false, wasm: false }
-        })
+            if ([o${expr}].length !== 1) throw Error()`)()
       } catch (e) {
@@ -35,0 +30,0 @@ throw Error(ERR_INVALID_PATH(s))

package.json

 {
   "name": "fast-redact",
-  "version": "3.1.2",
+  "version": "3.2.0",
   "description": "very fast object redaction",
@@ -5,0 +5,0 @@ "main": "index.js",

readme.md

@@ -18,11 +18,13 @@ # fast-redact
     cookie: `oh oh we don't want this exposed in logs in etc.`,
-    referer: `if we're cool maybe we'll even redact this`
+    referer: `if we're cool maybe we'll even redact this`,
+    // Note: headers often contain hyphens and require bracket notation
+    'X-Forwarded-For': `192.168.0.1`
   }
 }
 const redact = fastRedact({
-  paths: ['headers.cookie', 'headers.referer']
+  paths: ['headers.cookie', 'headers.referer', 'headers["X-Forwarded-For"]']
 })
 
 console.log(redact(fauxRequest))
-// {"headers":{"host":"http://example.com","cookie":"[REDACTED]","referer":"[REDACTED]"}}
+// {"headers":{"host":"http://example.com","cookie":"[REDACTED]","referer":"[REDACTED]","X-Forwarded-For": "[REDACTED]"}}
 ```
@@ -29,0 +31,0 @@

test/index.js

@@ -1280,1 +1280,79 @@ 'use strict'
 })
+
+test('multi level wildcards with level > 3', ({ end, is }) => {
+  const redact = fastRedact({ paths: ['*.*.*.c', '*.*.*.*.c'] })
+  const o = {
+    a: {
+      b: {
+        x: {
+          c: 's'
+        }
+      },
+      d: {
+        x: {
+          u: {
+            a: 's',
+            b: 's',
+            c: 's'
+          }
+        }
+      }
+    }
+  }
+  is(redact(o), '{"a":{"b":{"x":{"c":"[REDACTED]"}},"d":{"x":{"u":{"a":"s","b":"s","c":"[REDACTED]"}}}}}')
+  end()
+})
+
+test('multi level wildcards at nested level inside object', ({ end, is }) => {
+  const redact = fastRedact({ paths: ['a.*.*.c', 'a.d.*.*.c'] })
+  const o = {
+    a: {
+      b: {
+        x: {
+          c: 's'
+        }
+      },
+      d: {
+        x: {
+          u: {
+            a: 's',
+            b: 's',
+            c: 's'
+          }
+        }
+      }
+    }
+  }
+  is(redact(o), '{"a":{"b":{"x":{"c":"[REDACTED]"}},"d":{"x":{"u":{"a":"s","b":"s","c":"[REDACTED]"}}}}}')
+  end()
+})
+
+test('multi level wildcards with level > 3 with serialize false', ({ end, is }) => {
+  const redact = fastRedact({ paths: ['*.*.*.c', '*.*.*.*.c'], serialize: false })
+  const result = redact({ a: { b: { x: { c: 's' } }, d: { x: { u: { a: 's', b: 's', c: 's' } } } } })
+  is(result.a.b.x.c, censor)
+  is(result.a.d.x.u.a, 's')
+  is(result.a.d.x.u.b, 's')
+  is(result.a.d.x.u.c, censor)
+  redact.restore(result)
+  is(result.a.b.x.c, 's')
+  is(result.a.d.x.u.a, 's')
+  is(result.a.d.x.u.b, 's')
+  is(result.a.d.x.u.c, 's')
+  end()
+})
+
+test('multi level wildcards at nested level inside object with serialize false', ({ end, is }) => {
+  const redact = fastRedact({ paths: ['a.*.*.c', 'a.d.*.*.c'], serialize: false })
+  const result = redact({ a: { b: { x: { c: 's' } }, d: { x: { u: { a: 's', b: 's', c: 's' } } } } })
+  is(result.a.b.x.c, censor)
+  is(result.a.d.x.u.a, 's')
+  is(result.a.d.x.u.b, 's')
+  is(result.a.d.x.u.c, censor)
+  redact.restore(result)
+  is(result.a.b.x.c, 's')
+  is(result.a.d.x.u.a, 's')
+  is(result.a.d.x.u.b, 's')
+  is(result.a.d.x.u.c, 's')
+  end()
+})

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

85864

increased by4.93%

Lines of code

2051

increased by6.82%

Number of lines in readme file

283

increased by0.71%

Number of low supply chain risk alerts

0

decreased by-100%

No dependency changes