(metadata: Record<string, any> | undefined | null)
| 114 | * @returns A sanitized metadata object safe for audit logging |
| 115 | */ |
| 116 | export function sanitizeAuditMetadata(metadata: Record<string, any> | undefined | null): Record<string, any> { |
| 117 | if (!metadata) return {} |
| 118 | |
| 119 | const sensitiveFields = [ |
| 120 | 'password', |
| 121 | 'pwd', |
| 122 | 'pass', |
| 123 | 'secret', |
| 124 | 'token', |
| 125 | 'apikey', |
| 126 | 'api_key', |
| 127 | 'accesstoken', |
| 128 | 'access_token', |
| 129 | 'refreshtoken', |
| 130 | 'refresh_token', |
| 131 | 'clientsecret', |
| 132 | 'client_secret', |
| 133 | 'privatekey', |
| 134 | 'private_key', |
| 135 | 'secretkey', |
| 136 | 'secret_key', |
| 137 | 'auth', |
| 138 | 'authorization', |
| 139 | 'credential', |
| 140 | 'credentials', |
| 141 | 'ssn', |
| 142 | 'socialsecurity', |
| 143 | 'creditcard', |
| 144 | 'cvv' |
| 145 | ] |
| 146 | |
| 147 | function sanitizeValue(value: any, key: string): any { |
| 148 | const lowerKey = key.toLowerCase() |
| 149 | const isSensitive = sensitiveFields.some((field) => lowerKey.includes(field)) |
| 150 | |
| 151 | if (isSensitive) { |
| 152 | return '********' |
| 153 | } |
| 154 | |
| 155 | if (value && typeof value === 'object' && !Array.isArray(value)) { |
| 156 | return sanitizeObject(value) |
| 157 | } |
| 158 | |
| 159 | if (Array.isArray(value)) { |
| 160 | return value.map((item, index) => sanitizeValue(item, `${key}[${index}]`)) |
| 161 | } |
| 162 | |
| 163 | return value |
| 164 | } |
| 165 | |
| 166 | function sanitizeObject(obj: Record<string, any>): Record<string, any> { |
| 167 | const result: Record<string, any> = {} |
| 168 | for (const key of Object.keys(obj)) { |
| 169 | result[key] = sanitizeValue(obj[key], key) |
| 170 | } |
| 171 | return result |
| 172 | } |
| 173 |
no test coverage detected