Merge pull request #53559 from callstack-internal/fix/mask-missing-fi…

…elds fix: mask fields with sensitive data for Export
Expensify · Dec 12, 2024 · 05b22e3 · 05b22e3
2 parents 629a083 + b24b57c
commit 05b22e3
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 2 deletions.
diff --git a/src/libs/ExportOnyxState/common.ts b/src/libs/ExportOnyxState/common.ts
@@ -3,6 +3,23 @@ import ONYXKEYS from '@src/ONYXKEYS';
 import type {Session} from '@src/types/onyx';
 
 const MASKING_PATTERN = '***';
+const keysToMask = [
+    'plaidLinkToken',
+    'plaidAccessToken',
+    'plaidAccountID',
+    'addressName',
+    'addressCity',
+    'addressStreet',
+    'addressZipCode',
+    'street',
+    'city',
+    'state',
+    'zip',
+    'edits',
+    'lastMessageHtml',
+    'lastMessageText',
+];
+
 const emailRegex = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/;
 
 const emailMap = new Map<string, string>();
@@ -94,12 +111,18 @@ const maskFragileData = (data: Record<string, unknown> | unknown[] | null, paren
 
         const value = data[propertyName];
 
-        if (typeof value === 'string' && Str.isValidEmail(value)) {
+        if (keysToMask.includes(key)) {
+            if (Array.isArray(value)) {
+                maskedData[key] = value.map(() => MASKING_PATTERN);
+            } else {
+                maskedData[key] = MASKING_PATTERN;
+            }
+        } else if (typeof value === 'string' && Str.isValidEmail(value)) {
             maskedData[propertyName] = maskEmail(value);
         } else if (typeof value === 'string' && stringContainsEmail(value)) {
             maskedData[propertyName] = replaceEmailInString(value, maskEmail(extractEmail(value) ?? ''));
         } else if (parentKey && parentKey.includes(ONYXKEYS.COLLECTION.REPORT_ACTIONS) && (propertyName === 'text' || propertyName === 'html')) {
-            maskedData[propertyName] = MASKING_PATTERN;
+            maskedData[key] = MASKING_PATTERN;
         } else if (typeof value === 'object') {
             maskedData[propertyName] = maskFragileData(value as Record<string, unknown>, propertyName.includes(ONYXKEYS.COLLECTION.REPORT_ACTIONS) ? propertyName : parentKey);
         } else {

diff --git a/tests/unit/ExportOnyxStateTest.ts b/tests/unit/ExportOnyxStateTest.ts
@@ -3,6 +3,7 @@ import type * as OnyxTypes from '@src/types/onyx';
 
 type ExampleOnyxState = {
     session: OnyxTypes.Session;
+    [key: string]: unknown;
 };
 
 describe('maskOnyxState', () => {
@@ -85,4 +86,17 @@ describe('maskOnyxState', () => {
         const result = ExportOnyxState.maskOnyxState(input, true) as Record<string, string>;
         expect(result.emailString).not.toContain('[email protected]');
     });
+
+    it('should mask keys that are in the fixed list', () => {
+        const input = {
+            session: mockSession,
+            edits: ['hey', 'hi'],
+            lastMessageHtml: 'hey',
+        };
+
+        const result = ExportOnyxState.maskOnyxState(input, true) as ExampleOnyxState;
+
+        expect(result.edits).toEqual(['***', '***']);
+        expect(result.lastMessageHtml).toEqual('***');
+    });
 });