renovate/lib/util/sanitize.ts

import is from '@sindresorhus/is';
import { toBase64 } from './string';

const secrets = new Set<string>();

export const redactedFields = [
  'authorization',
  'token',
  'githubAppKey',
  'npmToken',
  'npmrc',
  'privateKey',
  'privateKeyOld',
  'gitPrivateKey',
  'forkToken',
  'password',
];

export function sanitize(input: string): string {
  if (!input) {
    return input;
  }
  let output: string = input;
  secrets.forEach((secret) => {
    while (output.includes(secret)) {
      output = output.replace(secret, '**redacted**');
    }
  });
  return output;
}

const GITHUB_APP_TOKEN_PREFIX = 'x-access-token:';

export function addSecretForSanitizing(secret: string): void {
  if (!is.nonEmptyString(secret)) {
    return;
  }
  secrets.add(secret);
  secrets.add(toBase64(secret));
  if (secret.startsWith(GITHUB_APP_TOKEN_PREFIX)) {
    const trimmedSecret = secret.replace(GITHUB_APP_TOKEN_PREFIX, '');
    secrets.add(trimmedSecret);
    secrets.add(toBase64(trimmedSecret));
  }
}

export function clearSanitizedSecretsList(): void {
  secrets.clear();
}
fix: sanitize base64 of all secrets (#14423) 2022-02-28 17:07:09 +00:00			`import is from '@sindresorhus/is';`
			`import { toBase64 } from './string';`

feat(sanitize): refactor (#4479) 2019-09-12 10:48:31 +00:00			`const secrets = new Set<string>();`

fix(logging): sanitize known token (#5917) 2020-05-16 10:35:41 +00:00			`export const redactedFields = [`
			`'authorization',`
			`'token',`
			`'githubAppKey',`
			`'npmToken',`
			`'npmrc',`
			`'privateKey',`
feat(config): privateKeyOld (#11653) 2021-09-10 10:47:33 +00:00			`'privateKeyOld',`
fix(logging): sanitize known token (#5917) 2020-05-16 10:35:41 +00:00			`'gitPrivateKey',`
			`'forkToken',`
			`'password',`
			`];`

refactor(eslint): '@typescript-eslint/explicit-function-return-type' improvements 2019-11-24 07:43:24 +00:00			`export function sanitize(input: string): string {`
chore(internal): disallow implicit braces (#5730) 2020-03-17 11:15:22 +00:00			`if (!input) {`
			`return input;`
			`}`
feat(sanitize): refactor (#4479) 2019-09-12 10:48:31 +00:00			`let output: string = input;`
chore(deps): update dependency prettier to v2 (#5952) * chore(deps): update dependency prettier to v2 * Run prettier-fix Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Jamie Magee <jamie.magee@gmail.com> 2020-04-12 16:09:36 +00:00			`secrets.forEach((secret) => {`
feat(sanitize): refactor (#4479) 2019-09-12 10:48:31 +00:00			`while (output.includes(secret)) {`
			`output = output.replace(secret, 'redacted');`
			`}`
			`});`
			`return output;`
			`}`

fix: sanitize base64 of all secrets (#14423) 2022-02-28 17:07:09 +00:00			`const GITHUB_APP_TOKEN_PREFIX = 'x-access-token:';`

chore: rename sanitize functions for better searchability (#13826) 2022-01-26 09:57:21 +00:00			`export function addSecretForSanitizing(secret: string): void {`
fix: sanitize base64 of all secrets (#14423) 2022-02-28 17:07:09 +00:00			`if (!is.nonEmptyString(secret)) {`
			`return;`
			`}`
feat(sanitize): refactor (#4479) 2019-09-12 10:48:31 +00:00			`secrets.add(secret);`
fix: sanitize base64 of all secrets (#14423) 2022-02-28 17:07:09 +00:00			`secrets.add(toBase64(secret));`
			`if (secret.startsWith(GITHUB_APP_TOKEN_PREFIX)) {`
			`const trimmedSecret = secret.replace(GITHUB_APP_TOKEN_PREFIX, '');`
			`secrets.add(trimmedSecret);`
			`secrets.add(toBase64(trimmedSecret));`
			`}`
feat(sanitize): refactor (#4479) 2019-09-12 10:48:31 +00:00			`}`

chore: rename sanitize functions for better searchability (#13826) 2022-01-26 09:57:21 +00:00			`export function clearSanitizedSecretsList(): void {`
feat(sanitize): refactor (#4479) 2019-09-12 10:48:31 +00:00			`secrets.clear();`
			`}`