ggwhite / go-masker Goto Github PK

Hello,

I'm working with your library and I found a potential bug with the email masking, it looks like it's just masking 4 characters and it's not checking the email length, here is an example:

func TestEmailMasker(t *testing.T) {
	emailMasker := masker.New()

	assert.Equal(t, "pot****@vegetables.com", emailMasker.Email("[email protected]")) // -> good

	assert.Equal(t, "pot***********@vegetables.com", emailMasker.Email("[email protected]"))
	// -> return assertion failed: assertion failed: pot***********@vegetables.com (string) != pot****[email protected] (string)
}

On the first assert, there is only 1 character after the first 3 letters and it's adding 4 * but it's not an issue IMO.

But on the second case, the mask is adding 4 * and not hiding the next characters, I think it's not the behavior wanted, we can easily find the real email behind a mask like this one.

Thanks!

Hello,

I am trying to mask email addresses. Masker does work fine when the email address is in the right format, but if I provide some string which does not match email pattern it breaks with a panic. This is the code https://play.golang.org/p/jk-sVuBSE6k

maskedEmail := masker.Email("abcd")

I get the error as following:

panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
github.com/ggwhite/go-masker.(*Masker).Email(0x405759, {0x495798, 0x4})
	/tmp/gopath417995300/pkg/mod/github.com/ggwhite/go-masker@v1.0.4/masker.go:339 +0xfa
github.com/ggwhite/go-masker.Email(...)
	/tmp/gopath417995300/pkg/mod/github.com/ggwhite/go-masker@v1.0.4/masker.go:507
main.main()
	/tmp/sandbox1195686087/prog.go:9 +0x2c

My understanding is, this package is not meant to be doing any king of validations nor it should assume any particular format for the email or anything else for that matter.

Shouldn't the masker be more forgiving and not panic? Maybe as a fallback, instead of failing it can return a nil or just mask everything as a password and return.

I am trying to mask the structs generated by protobuf, but encounter this error: panic: reflect: reflect.Value.Set using value obtained using unexported field because all the structs generated by protobuf has some private fields, such as
state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields and when when we use reflection, it is complaining.

I am wondering if there is any work-around for this.

Hello,
I want to mask all the characters in a field in my struct that is not a password. https://play.golang.org/p/xAdDleuk1KN

type personalDetails struct {
	SSN   string `mask:"password"`
}

While this works fine, but masking it as a type password does not make sense to the reader. It sounds more like SSN is a password when I read the code.

I was wondering if we can solve this by any of the two approaches:

1. If we can have some Generic types that can be used, such as mask:"all" and even more types such as mask:"first-3" or mask:"last-5"

2. Or if we can add more specific types such as mask:"ssn" or mask:"dob"

Having more specialised types just makes is rigid to use, so if we can add some generic types like mentioned in approach 1 above?

Hi,

Following my last issue #26, I think it's a good idea to add a parameter in your function Email() to mask the domain if the boolean is set as true. Right now, it's just adding 4 * on the email but it's very easy to reverse, here is an example:

[email protected] -> tho***@hallard.info
It's very easy with some researchs to find my first name.

With the domain masking, it should looks like this and it's way difficult to reverse my email right now:
[email protected] -> tho***@ha*****.info or tho***@*******.info

I suggest to change the signature of the function to:

func Email(i string, maskDomain boolean) string {
	// ...
}

I'm running "go get -u github.com/ggwhite/go-masker" and getting the following error:
../../../../go/pkg/mod/github.com/ggwhite/[email protected]/masker.go:322:64: undefined: math.MaxInt

Could you please upgrade the codebase for go 1.16 and above?

say for instance I have

package main

import (
masker "github.com/ggwhite/go-masker"
)

func main() {
masker.String(masker.MName, "ggwhite")
masker.String(masker.MID, "A123456789")
masker.String(masker.MMobile, "0987987987")
}

how would I be able to unmask the strings for use in sql query statement?

Hint with this code , seems embedded struct doesn't logged and not printed out as a masking value

package main

import (
	"github.com/ggwhite/go-masker"
	"github.com/sirupsen/logrus"
)

type User struct {
	ID   string `mask:"id"`
	Data string `mask:"data"`
}

type Custom struct {
	ID          string `mask:"id"`
	CustomerID  string `mask:"customer_id"`
	PhoneNumber string `mask:"phone_number"`
	Email       string `mask:"email"`
	User        User   `mask:"user"`
}

func main() {
	u := User{
		ID:   "A93489",
		Data: "Hello World Sensitive Data",
	}

	c := &Custom{
		ID:          "1234",
		CustomerID:  "947549937289",
		PhoneNumber: "8764556537",
		Email:       "[email protected]",
		User:        u,
	}

	t, _ := masker.Struct(c)
	logrus.Infof("%v", t)
}

// output : INFO[0000] &{1234**** 947549937289 8764556537 ica****@gmail.com { }}