(value: string, keyHint?: string)
| 34 | } |
| 35 | |
| 36 | function redactString(value: string, keyHint?: string): string { |
| 37 | const trimmed = value.trim(); |
| 38 | if (!trimmed) return value; |
| 39 | if (keyHint && SENSITIVE_KEY_RE.test(keyHint)) return '[REDACTED]'; |
| 40 | let output = redactUrls(trimmed); |
| 41 | output = output.replace(SECRET_TOKEN_RE, '[REDACTED]'); |
| 42 | output = output.replace( |
| 43 | SENSITIVE_ASSIGNMENT_RE, |
| 44 | (match, key: string, separator: string, rawValue: string, offset: number, input: string) => { |
| 45 | if (isSafeSetupUrlAssignment({ key, separator, rawValue, offset, input })) return match; |
| 46 | if (isDocumentedTokenPlaceholder(rawValue)) return match; |
| 47 | return `${key}${separator}[REDACTED]`; |
| 48 | }, |
| 49 | ); |
| 50 | if (output !== trimmed) return output; |
| 51 | if (trimmed.length > 400) return `${trimmed.slice(0, 200)}...<truncated>`; |
| 52 | return trimmed; |
| 53 | } |
| 54 | |
| 55 | function redactUrls(value: string): string { |
| 56 | return value.replace(URL_RE, (url) => redactUrl(url) ?? url); |
no test coverage detected