Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ryanrosello-og/playwright-redactor

Redact sensitive information from your Playwright trace files
https://github.com/ryanrosello-og/playwright-redactor

playwright redaction security trace typescript

Last synced: 24 days ago
JSON representation

Redact sensitive information from your Playwright trace files

Host: GitHub
URL: https://github.com/ryanrosello-og/playwright-redactor
Owner: ryanrosello-og
License: mit
Created: 2024-01-09T10:25:31.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-01-31T20:09:00.000Z (almost 1 year ago)
Last Synced: 2024-04-24T11:33:38.609Z (9 months ago)
Topics: playwright, redaction, security, trace, typescript
Language: TypeScript
Homepage:
Size: 5.55 MB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # playwright-redactor

[![Coverage Status](https://coveralls.io/repos/github/ryanrosello-og/playwright-redactor/badge.svg?branch=add-gh-workflow)](https://coveralls.io/github/ryanrosello-og/playwright-redactor?branch=add-gh-workflow) [![vitests](https://github.com/ryanrosello-og/playwright-redactor/actions/workflows/tests.yml/badge.svg)](https://github.com/ryanrosello-og/playwright-redactor/actions/workflows/tests.yml) [![CodeQL](https://github.com/ryanrosello-og/playwright-redactor/actions/workflows/codeql.yml/badge.svg)](https://github.com/ryanrosello-og/playwright-redactor/actions/workflows/codeql.yml) 

## This is a tool that can be used to redact sensitive information from your Playwright trace files.

![Main Logo](https://github.com/ryanrosello-og/playwright-redactor/blob/main/assets/2024-01-15_06-11-43.png?raw=true)

### 🧪 Oddly specific use case

* You work for an organization that has a strict policy on storing sensitive information at rest and your trace files have been flagged by the security team for containing sensitive information e.g. production credentials

* You want to share the trace files generated by your tests with strangers on the internet for debugging purposes but you need to redact the sensitive information first

* You would like to store your traces files using a provider e.g. s3. But you have trust issues and you don't want to store sensitive information in the cloud

* Scrub PII information

## 📦 Usage

Ideally, you would invoke this app as part of your CI/CD pipeline as soon as Playwright has finished generating the trace files using the following command.

```bash

npx playwright-redactor -c ./config.json -t ./traces -r ./regexes.txt

```

The command above will redact the sensitive information from the trace files in the `./traces` folder using the configuration in the `./config.json` file.  The regexes used for redaction are defined in the `./regexes.txt` file.

![Usage](https://github.com/ryanrosello-og/playwright-redactor/blob/main/assets/2024-01-15_17-54-59.gif?raw=true)

## ⚙️ Command line options

| Options  |          |

| -------- | -------- |

| `-r, --regexes `   | Path to the text file containing the regular expression used for replacement.  Each regex separated by a new line   |

|`-c, --config `   | Path to config file  |

|`-t, --trace-files `   | Folder path containing the trace files that require scrubbing  |

## 🛠️ Config file

The config file is a JSON file that contains the following properties:

```json

{

  "full_redaction": true,

  "log_level": "debug",

  "environment_variables": [

    "SUPER_SECRET_PASSWORD",

    "SUPER_SECRET_API_KEY",

    "MY_APP_SECRET",

    "SALESFORCE_API_KEY"

  ]

}

```

The config file above will perform a full redaction whenever a regex is matched using the regexes defined in the array. It will also redact the environment variables listed in the `environment_variables` array.

| Options  |          |

| -------- | -------- |

| `full_redaction`   | **REQUIRED:** When set to `true`, a matched regex will be replaced with . When set to `false`, the app will obscure large parts of the secret. For example: `password1234` will be redaced as `pa******32`   |

|`environment_variables`   | **OPTIONAL:** The value of these environment variables will be redacted from the trace files  |

|`log_level`   | **REQUIRED:** Defaults to debug  |

## 🗎 Regex file

This is a text required by the tool via the `-r` or `--regexes` command line option.

The regex file will contain a list of regexes that will be used to replace the text in the trace files separated by a newline. The following example will search for super_password followed by 3 digits and replace it with . It will also search for all GUIDs and replace it with .  Lastly, it will search for all JWTs and replace it with .

```text

super_[AB]_password\d{3}

^(?:\{0,1}(?:[0-9a-fA-F]){8}-(?:[0-9a-fA-F]){4}-(?:[0-9a-fA-F]){4}-(?:[0-9a-fA-F]){4}-(?:[0-9a-fA-F]){12}\}{0,1})$

^(?:[\w-]*\.[\w-]*\.[\w-]*)$

```

## ⚠️ WARNING 🐊 - ACHTUNG !!

In all cases, the redaction of passwords and other sensitive information may not enough to protect your data. You should always be careful when sharing trace files with strangers on the internet. As an extra precaution, try and scrub session information e.g jwt token, cookies etc from your trace files.

https://www.buymeacoffee.com/ryanrosello.og