chore: Obfuscate field by repeating * with character length (#181)

alexluong · web-flow · commit 6e2e4ec6e786 · 2025-01-13T16:11:30.000+07:00
* chore: Obfuscate field by repeating * with character length

* test: Obfuscate
diff --git a/internal/destregistry/baseprovider.go b/internal/destregistry/baseprovider.go
@@ -11,12 +11,12 @@ import (
 	"github.com/hookdeck/outpost/internal/models"
 )
 
-// ObfuscateValue masks a sensitive value. For strings:
-// - Less than 10 characters: return "****" to avoid revealing length
-// - 10 or more characters: show first 4 characters + asterisks for the rest
+// ObfuscateValue masks a sensitive value with the following rules:
+// - For strings with length >= 10: show first 4 characters + asterisks for the rest
+// - For strings with length < 10: replace each character with an asterisk
 func ObfuscateValue(value string) string {
 	if len(value) < 10 {
-		return "****"
+		return strings.Repeat("*", len(value))
 	}
 	return value[:4] + strings.Repeat("*", len(value)-4)
 }
diff --git a/internal/destregistry/registry_test.go b/internal/destregistry/registry_test.go
@@ -530,22 +530,22 @@ func TestObfuscateValue(t *testing.T) {
 		{
 			name:     "empty string",
 			input:    "",
-			expected: "****",
+			expected: "",
 		},
 		{
 			name:     "single character",
 			input:    "a",
-			expected: "****",
+			expected: "*",
 		},
 		{
 			name:     "short string",
 			input:    "abc123",
-			expected: "****",
+			expected: "******",
 		},
 		{
 			name:     "9 characters",
 			input:    "123456789",
-			expected: "****",
+			expected: "*********",
 		},
 		{
 			name:     "10 characters",
@@ -600,11 +600,11 @@ func TestObfuscateDestination(t *testing.T) {
 	assert.Equal(t, "visible-value", obfuscated.Config["public_key"])
 
 	// Sensitive fields should be obfuscated according to length:
-	// - Less than 10 chars: "****"
+	// - Less than 10 chars: replace each character with an asterisk
 	// - 10+ chars: first 4 chars + asterisks
 	assert.Equal(t, "sens***************", obfuscated.Config["secret_key"]) // 19 chars
 	assert.Equal(t, "abcd************", obfuscated.Credentials["api_key"])  // 16 chars
-	assert.Equal(t, "****", obfuscated.Credentials["token"])                // 3 chars
+	assert.Equal(t, "***", obfuscated.Credentials["token"])                 // 3 chars
 	assert.Equal(t, "****", obfuscated.Credentials["code"])                 // 4 chars
 }
 
@@ -716,7 +716,7 @@ func TestDisplayDestination(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, "mock-target", display.Target)
 	assert.Equal(t, "value", display.Config["public_key"])
-	assert.Equal(t, "****", display.Config["secret_key"])
+	assert.Equal(t, "******", display.Config["secret_key"])
 	assert.Equal(t, "secr******", display.Credentials["api_key"])
 }
 

Original file line number	Diff line number	Diff line change
`@@ -11,12 +11,12 @@ import (`
`11`	`11`	`"github.com/hookdeck/outpost/internal/models"`
`12`	`12`	`)`
`13`	`13`
`14`		`-// ObfuscateValue masks a sensitive value. For strings:`
`15`		`-// - Less than 10 characters: return "****" to avoid revealing length`
`16`		`-// - 10 or more characters: show first 4 characters + asterisks for the rest`
	`14`	`+// ObfuscateValue masks a sensitive value with the following rules:`
	`15`	`+// - For strings with length >= 10: show first 4 characters + asterisks for the rest`
	`16`	`+// - For strings with length < 10: replace each character with an asterisk`
`17`	`17`	`func ObfuscateValue(value string) string {`
`18`	`18`	`if len(value) < 10 {`
`19`		`- return "****"`
	`19`	`+ return strings.Repeat("*", len(value))`
`20`	`20`	`}`
`21`	`21`	`return value[:4] + strings.Repeat("*", len(value)-4)`
`22`	`22`	`}`