From 4cae3a2789b9aa513641c7acae302841aeebddd5 Mon Sep 17 00:00:00 2001
From: Benjamin Stefan <145866889+Benjamin-Stefan@users.noreply.github.com>
Date: Fri, 27 Sep 2024 23:46:33 +0200
Subject: [PATCH] Fix code scanning alert no. 31: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/utils/ssh.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/utils/ssh.ts b/src/utils/ssh.ts
index e02aa82..e14c5cf 100644
--- a/src/utils/ssh.ts
+++ b/src/utils/ssh.ts
@@ -10,11 +10,23 @@ import { SSHOptions } from "../types";
 function logDebug(message: string, debug?: boolean) {
 if (debug) {
 // Sanitize the message to remove sensitive information
- const sanitizedMessage = message.replace(/--password=\S+/g, '--password=****');
+ const sanitizedMessage = sanitizeSensitiveData(message);
 console.log(`[DEBUG] ${sanitizedMessage}`);
 }
 }
 
+/**
+ * Sanitizes a message to remove sensitive information such as passwords, usernames, and other credentials.
+ * @param {string} message - The message to sanitize.
+ * @returns {string} The sanitized message.
+ */
+function sanitizeSensitiveData(message: string): string {
+ return message
+ .replace(/--password=\S+/g, '--password=****')
+ .replace(/--username=\S+/g, '--username=****')
+ .replace(/--apn=\S+/g, '--apn=****');
+}
+
 /**
 * Creates an SSH connection using the provided options.
 * @param {SSHOptions} options - The SSH connection options.
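Review bot: Each pattern in `sanitizeSensitiveData` ends in `\S+`, which stops at the first whitespace, so a quoted value containing a space (a constructed example: `--password="my pass"`) is masked only up to the space and the rest still reaches `console.log`. The space-separated form `--password value` is not matched at all. Whether callers ever build commands in either shape is not visible in this hunk, but the masking should not depend on it; one replace that also consumes quoted values would be `.replace(/--(password|username|apn)=(?:"[^"]*"|'[^']*'|\S+)/g, '--$1=****')`. The JSDoc also promises "other credentials" while only three flags are covered, so I would reword it to `Masks the values of the --password=, --username= and --apn= flags in a message.` so that nobody routes other secrets through `logDebug` expecting them to be redacted.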