sanitize.spec.ts

import {
  addSecretForSanitizing,
  clearGlobalSanitizedSecretsList,
  clearRepoSanitizedSecretsList,
  sanitize,
} from './sanitize';
import { toBase64 } from './string';

describe('util/sanitize', () => {
  beforeEach(() => {
    clearRepoSanitizedSecretsList();
    clearGlobalSanitizedSecretsList();
  });

  it('sanitizes empty string', () => {
    addSecretForSanitizing('');
    expect(sanitize(null as never)).toBeNull();
    expect(sanitize('')).toBe('');
  });

  it('sanitizes secrets from strings', () => {
    const token = '123testtoken';
    const username = 'userabc';
    const password = 'password123';
    addSecretForSanitizing(token, 'global');
    const hashed = toBase64(`${username}:${password}`);
    addSecretForSanitizing(hashed);
    addSecretForSanitizing(password);

    const input = `My token is ${token}, username is "${username}" and password is "${password}" (hashed: ${hashed})`;
    const output =
      'My token is **redacted**, username is "userabc" and password is "**redacted**" (hashed: **redacted**)';
    expect(sanitize(input)).toBe(output);

    const inputX2 = [input, input].join('\n');
    const outputX2 = [output, output].join('\n');
    expect(sanitize(inputX2)).toBe(outputX2);
  });

  it('sanitizes github app tokens', () => {
    addSecretForSanitizing('x-access-token:abc123');
    expect(sanitize(`hello ${toBase64('abc123')} world`)).toBe(
      'hello **redacted** world',
    );
  });
});