Fix code scanning alert no. 31: Clear-text logging of sensitive infor…

…mation Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Benjamin-Stefan · Sep 27, 2024 · 4cae3a2 · 4cae3a2
1 parent 5320a0f
commit 4cae3a2
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/src/utils/ssh.ts b/src/utils/ssh.ts
@@ -10,11 +10,23 @@ import { SSHOptions } from "../types";
 function logDebug(message: string, debug?: boolean) {
     if (debug) {
         // Sanitize the message to remove sensitive information
-        const sanitizedMessage = message.replace(/--password=\S+/g, '--password=****');
+        const sanitizedMessage = sanitizeSensitiveData(message);
         console.log(`[DEBUG] ${sanitizedMessage}`);
     }
 }
 
+/**
+ * Sanitizes a message to remove sensitive information such as passwords, usernames, and other credentials.
+ * @param {string} message - The message to sanitize.
+ * @returns {string} The sanitized message.
+ */
+function sanitizeSensitiveData(message: string): string {
+    return message
+        .replace(/--password=\S+/g, '--password=****')
+        .replace(/--username=\S+/g, '--username=****')
+        .replace(/--apn=\S+/g, '--apn=****');
+}
+
 /**
  * Creates an SSH connection using the provided options.
  * @param {SSHOptions} options - The SSH connection options.