Skip to content

🔒 Fix Insufficient Data Masking (Data Exposure) in helpers.ts #453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zknpr merged 2 commits into from
Jun 8, 2026
Merged

🔒 Fix Insufficient Data Masking (Data Exposure) in helpers.ts #453

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
85ee40e
Update regex patterns to securely redact PII
google-labs-jules[bot] Jun 8, 2026
1ecf86e
chore: drop unrelated package.json/lockfile changes from masking fix
zknpr Jun 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/helpers.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,8 +214,8 @@ const EMAIL_REGEX = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g;
const PHONE_REGEX = /(\+?\d{1,3}[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}/g;
const API_KEY_REGEX = /\b(sk_live_|sk_test_|api_key_|token_|secret_|key_)[a-zA-Z0-9]{10,}\b/gi;
const HEX_REGEX = /\b[a-fA-F0-9]{32,}\b/g;
const CC_REGEX = /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g;
const SSN_REGEX = /\b\d{3}-\d{2}-\d{4}\b/g;
const CC_REGEX = /\b(?:\d[ -]*?){13,16}\b/g;
const SSN_REGEX = /\b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b/g;

/**
* Masks sensitive data like emails, phone numbers, API keys, hex strings,
Expand All @@ -227,10 +227,10 @@ const SSN_REGEX = /\b\d{3}-\d{2}-\d{4}\b/g;
export function maskSensitiveData(message: string): string {
let safeMessage = message;
safeMessage = safeMessage.replace(EMAIL_REGEX, '***@***.***');
safeMessage = safeMessage.replace(CC_REGEX, '****-****-****-****');
safeMessage = safeMessage.replace(PHONE_REGEX, '***-***-****');
safeMessage = safeMessage.replace(API_KEY_REGEX, '$1[REDACTED]');
safeMessage = safeMessage.replace(HEX_REGEX, '[REDACTED_HEX]');
safeMessage = safeMessage.replace(CC_REGEX, '****-****-****-****');
safeMessage = safeMessage.replace(SSN_REGEX, '***-**-****');
return safeMessage;
}
Expand Down
17 changes: 17 additions & 0 deletions tests/unit/helpers.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,3 +137,20 @@ describe('uiKindToString', () => {
assert.strictEqual(uiKindToString(vsc.UIKind.Desktop), 'desktop');
});
});

describe('maskSensitiveData', () => {
const { maskSensitiveData } = require('../../src/helpers');

it('should mask different formats of credit card numbers', () => {
assert.strictEqual(maskSensitiveData("My CC is 1234-5678-9012-3456"), "My CC is ****-****-****-****");
assert.strictEqual(maskSensitiveData("My CC is 1234567890123456"), "My CC is ****-****-****-****");
assert.strictEqual(maskSensitiveData("My CC is 1234 5678 9012 3456"), "My CC is ****-****-****-****");
assert.strictEqual(maskSensitiveData("Amex: 378282246310005"), "Amex: ****-****-****-****");
});

it('should mask different formats of SSN', () => {
assert.strictEqual(maskSensitiveData("My SSN is 123-45-6789"), "My SSN is ***-**-****");
assert.strictEqual(maskSensitiveData("My SSN is 123 45 6789"), "My SSN is ***-**-****");
assert.strictEqual(maskSensitiveData("My SSN is 123456789"), "My SSN is ***-**-****");
});
});
Loading