-
Notifications
You must be signed in to change notification settings - Fork 1
/
secret.go
60 lines (54 loc) · 1.25 KB
/
secret.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
package redact
import (
"bytes"
"regexp"
"unicode/utf8"
)
// Protection defines a strategy to protect a secret
type Protection int
const (
// BlackOut protects by replacing each charecter of the secret with another symbol
BlackOut Protection = iota
// Censor protects by censoring the whole secret with a replacement
Censor
// ReplaceData protects by replacing the whole data
ReplaceData
)
// Secret defines what parts of a string most be redacted and how
type Secret struct {
Pattern *regexp.Regexp
Protection Protection
Replacement []byte
}
// NewSecret creates a new secret
func NewSecret(pattern string, p Protection, r []byte) *Secret {
re, _ := regexp.Compile(pattern)
return &Secret{
Pattern: re,
Protection: p,
Replacement: r,
}
}
// Redact redacts the secrets from data
func (s *Secret) Redact(data []byte) []byte {
if s.Pattern.Match(data) {
switch s.Protection {
case BlackOut:
return s.Pattern.ReplaceAllFunc(
data,
func(b []byte) []byte {
redacted := bytes.Repeat(
s.Replacement,
utf8.RuneCountInString(string(b)),
)
return []byte(redacted)
},
)
case Censor:
return s.Pattern.ReplaceAll(data, s.Replacement)
case ReplaceData:
return s.Replacement
}
}
return data
}