(ip: string)
| 80 | * @returns The sanitized IP address with masked octets/bits, or 'unknown' if invalid |
| 81 | */ |
| 82 | export function sanitizeIPAddress(ip: string): string { |
| 83 | if (!isValidIPAddress(ip)) { |
| 84 | return 'unknown' |
| 85 | } |
| 86 | |
| 87 | if (isIPv4(ip)) { |
| 88 | const parts = ip.split('.') |
| 89 | parts[3] = 'xxx' |
| 90 | return parts.join('.') |
| 91 | } |
| 92 | |
| 93 | if (isIPv6(ip)) { |
| 94 | const groups = expandIPv6ToGroups(ip) |
| 95 | if (groups.length !== 8) return 'unknown' |
| 96 | const prefix = groups.slice(0, 4).join(':') |
| 97 | return `${prefix}:xxxx:xxxx:xxxx:xxxx` |
| 98 | } |
| 99 | |
| 100 | return 'unknown' |
| 101 | } |
| 102 | |
| 103 | /** |
| 104 | * Sanitizes audit-event metadata by redacting sensitive fields and removing null bytes. |
no test coverage detected