feat_: SensitiveString type (#6190)

* feat_: SensitiveString type * chore_: New by value, remove SetValue, add IsEmpty * feat_: export RedactionPlaceholder * fix_: MarshalJSON by value * fix_: method receivers * fix_: linter
2024-12-11 14:07:34 +00:00 · 2024-12-11 14:07:34 +00:00 · ef177c1c63
parent 8b95c81488
commit ef177c1c63
2 changed files with 124 additions and 0 deletions
--- a/internal/security/sensitive_string.go
+++ b/internal/security/sensitive_string.go
@ -0,0 +1,58 @@
+package security
+
+import (
+	"encoding/json"
+)
+
+const RedactionPlaceholder = "***"
+
+// SensitiveString is a type for handling sensitive information securely.
+// This helps to achieve the following goals:
+//  1. Prevent accidental logging of sensitive information.
+//  2. Provide controlled visibility (e.g., redacted output for String() or MarshalJSON()).
+//  3. Enable controlled access to the sensitive value when needed.
+type SensitiveString struct {
+	value string
+}
+
+// NewSensitiveString creates a new SensitiveString
+func NewSensitiveString(value string) SensitiveString {
+	return SensitiveString{value: value}
+}
+
+// String provides a redacted version of the sensitive string
+func (s SensitiveString) String() string {
+	if s.value == "" {
+		return ""
+	}
+	return RedactionPlaceholder
+}
+
+// MarshalJSON ensures that sensitive strings are redacted when marshaled to JSON
+// NOTE: It's important to define this method on the value receiver,
+// otherwise `json.Marshal` will not call this method.
+func (s SensitiveString) MarshalJSON() ([]byte, error) {
+	return json.Marshal(s.String())
+}
+
+// UnmarshalJSON implements unmarshalling a sensitive string from JSON
+// NOTE: It's important to define this method on the pointer receiver,
+// otherwise `json.Marshal` will not call this method.
+func (s *SensitiveString) UnmarshalJSON(data []byte) error {
+	var value string
+	if err := json.Unmarshal(data, &value); err != nil {
+		return err
+	}
+	s.value = value
+	return nil
+}
+
+// Reveal exposes the sensitive value (use with caution)
+func (s SensitiveString) Reveal() string {
+	return s.value
+}
+
+// Empty checks if the value is empty
+func (s SensitiveString) Empty() bool {
+	return s.value == ""
+}
--- a/internal/security/sensitive_string_test.go
+++ b/internal/security/sensitive_string_test.go
@ -0,0 +1,66 @@
+package security
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewSensitiveString(t *testing.T) {
+	secretValue := gofakeit.LetterN(10)
+	s := NewSensitiveString(secretValue)
+	require.Equal(t, secretValue, s.Reveal())
+}
+
+func TestStringRedaction(t *testing.T) {
+	secretValue := gofakeit.LetterN(10)
+	s := NewSensitiveString(secretValue)
+	require.Equal(t, RedactionPlaceholder, s.String())
+}
+
+func TestEmptyStringRedaction(t *testing.T) {
+	s := NewSensitiveString("")
+	require.Equal(t, "", s.String())
+}
+
+func TestMarshalJSON(t *testing.T) {
+	secretValue := gofakeit.LetterN(10)
+	s := NewSensitiveString(secretValue)
+	data, err := json.Marshal(s)
+	require.NoError(t, err)
+	require.JSONEq(t, `"`+RedactionPlaceholder+`"`, string(data))
+}
+
+func TestMarshalJSONPointer(t *testing.T) {
+	secretValue := gofakeit.LetterN(10)
+	s := NewSensitiveString(secretValue)
+	data, err := json.Marshal(&s)
+	require.NoError(t, err)
+	require.JSONEq(t, `"`+RedactionPlaceholder+`"`, string(data))
+}
+
+func TestUnmarshalJSON(t *testing.T) {
+	secretValue := gofakeit.LetterN(10)
+	data := `"` + secretValue + `"`
+	var s SensitiveString
+	err := json.Unmarshal([]byte(data), &s)
+	require.NoError(t, err)
+	require.Equal(t, secretValue, s.Reveal())
+}
+
+func TestUnamarshalJSONError(t *testing.T) {
+	// Can't unmarshal a non-string value
+	var s SensitiveString
+	data := `{"key": "value"}`
+	err := json.Unmarshal([]byte(data), &s)
+	require.Error(t, err)
+}
+
+func TestCopySensitiveString(t *testing.T) {
+	secretValue := gofakeit.LetterN(10)
+	s := NewSensitiveString(secretValue)
+	sCopy := s
+	require.Equal(t, secretValue, sCopy.Reveal())
+}