Documentation
Index
- Variables
- func MaskCardNumber(match string) string
- func MaskCompletelyFunc(replacement string) func(string) string
- func MaskFirstLast(value string, prefixLen, suffixLen int) string
- func MaskFirstLast4(value string) string
- func MaskTokenLastFour(match string) string
- func SanitizeFieldValue(key string, value any) any
- func SanitizeJSON(jsonBytes []byte) string
- func SanitizeLogString(value string) string
- func SanitizeXML(xmlString string, patterns []XMLSanitizationPattern) string
- type SanitizationType
- type XMLSanitizationPattern
Constants
This section is empty.
Variables
var AllowedFields = map[string]bool{
    "card_bin":   true,
    "card_brand": true,
    "card_type":  true,
}
AllowedFields are field names that should bypass sanitization.
var PaymentXMLPatterns = []XMLSanitizationPattern{
    {
        Name:        "AcctNum",
        Pattern:     regexp.MustCompile(`(?i)(<AcctNum>[^<]*</AcctNum>|&lt;AcctNum&gt;[^&]*&lt;/AcctNum&gt;)`),
        MaskingFunc: MaskCardNumber,
    },
    {
        Name:        "CardNum",
        Pattern:     regexp.MustCompile(`(?i)(<CardNum>[^<]*</CardNum>|&lt;CardNum&gt;[^&]*&lt;/CardNum&gt;)`),
        MaskingFunc: MaskCardNumber,
    },
    {
        Name:        "CardNumber",
        Pattern:     regexp.MustCompile(`(?i)(<CardNumber>[^<]*</CardNumber>|&lt;CardNumber&gt;[^&]*&lt;/CardNumber&gt;)`),
        MaskingFunc: MaskCardNumber,
    },
    {
        Name:        "TrackData",
        Pattern:     regexp.MustCompile(`(?i)(<TrackData>[^<]*</TrackData>|&lt;TrackData&gt;[^&]*&lt;/TrackData&gt;)`),
        MaskingFunc: MaskCompletelyFunc(redactedValue),
    },
    {
        Name:        "CVV",
        Pattern:     regexp.MustCompile(`(?i)(<CVV>[^<]*</CVV>|&lt;CVV&gt;[^&]*&lt;/CVV&gt;)`),
        MaskingFunc: MaskCompletelyFunc(redactedValue),
    },
    {
        Name:        "CVV2",
        Pattern:     regexp.MustCompile(`(?i)(<CVV2>[^<]*</CVV2>|&lt;CVV2&gt;[^&]*&lt;/CVV2&gt;)`),
        MaskingFunc: MaskCompletelyFunc(redactedValue),
    },
    {
        Name:        "CVC",
        Pattern:     regexp.MustCompile(`(?i)(<CVC>[^<]*</CVC>|&lt;CVC&gt;[^&]*&lt;/CVC&gt;)`),
        MaskingFunc: MaskCompletelyFunc(redactedValue),
    },
    {
        Name:        "ExpDate",
        Pattern:     regexp.MustCompile(`(?i)(<ExpDate>[^<]*</ExpDate>|&lt;ExpDate&gt;[^&]*&lt;/ExpDate&gt;)`),
        MaskingFunc: MaskCompletelyFunc(redactedValue),
    },
    {
        Name:        "ExpiryDate",
        Pattern:     regexp.MustCompile(`(?i)(<ExpiryDate>[^<]*</ExpiryDate>|&lt;ExpiryDate&gt;[^&]*&lt;/ExpiryDate&gt;)`),
        MaskingFunc: MaskCompletelyFunc(redactedValue),
    },
    {
        Name:        "Password",
        Pattern:     regexp.MustCompile(`(?i)(<Password>[^<]*</Password>|&lt;Password&gt;[^&]*&lt;/Password&gt;)`),
        MaskingFunc: MaskCompletelyFunc(redactedValue),
    },
    {
        Name:        "TransArmorToken",
        Pattern:     regexp.MustCompile(`(?i)(<TransArmorToken>[^<]*</TransArmorToken>|&lt;TransArmorToken&gt;[^&]*&lt;/TransArmorToken&gt;)`),
        MaskingFunc: MaskTokenLastFour,
    },
}
PaymentXMLPatterns contains pre-configured patterns for common payment processing XML elements.
It is designed for safe logging (masking/redaction), not for request validation.
var RapidConnectXMLPatterns = PaymentXMLPatterns
RapidConnectXMLPatterns is an alias for PaymentXMLPatterns for compatibility with existing codebases.
var SensitiveFields = map[string]SanitizationType{
    "cvv":                    FullyRedact,
    "security_code":          FullyRedact,
    "cvv2":                   FullyRedact,
    "cvc":                    FullyRedact,
    "cvc2":                   FullyRedact,
    "cardholder":             FullyRedact,
    "cardholder_name":        FullyRedact,
    "card_number":            PartialMask,
    "number":                 PartialMask,
    "pan_value":              PartialMask,
    "pan":                    PartialMask,
    "primary_account_number": PartialMask,
    "account_number":         PartialMask,
    "ssn":                    PartialMask,
    "tin":                    PartialMask,
    "tax_id":                 PartialMask,
    "ein":                    PartialMask,
    "password":               FullyRedact,
    "secret":                 FullyRedact,
    "private_key":            FullyRedact,
    "secret_key":             FullyRedact,
    "api_token":              FullyRedact,
    "api_key_id":             PartialMask,
    "authorization":          FullyRedact,
    "authorization_id":       FullyRedact,
    "authorization_header":   FullyRedact,
}
SensitiveFields defines fields that require explicit sanitization behavior.
This list is intentionally keyed by lowercased field name.
Functions
func MaskCardNumber
MaskCardNumber shows BIN + last 4 digits of card numbers (PCI-friendly).
func MaskCompletelyFunc
MaskCompletelyFunc returns a function that replaces the inner text with a fixed replacement.
func MaskFirstLast (added in v0.8.0)
MaskFirstLast keeps the first prefixLen and last suffixLen characters and masks the middle. Behavior matches Lift's sanitization helpers.
func MaskFirstLast4 (added in v0.8.0)
MaskFirstLast4 keeps the first and last 4 characters and masks the middle.
func MaskTokenLastFour
MaskTokenLastFour shows only the last 4 characters of tokens.
func SanitizeFieldValue
SanitizeFieldValue sanitizes a field value based on its key name.
This function is intentionally deterministic and safe-by-default for known sensitive keys.
func SanitizeJSON
SanitizeJSON recursively sanitizes JSON data for logging.
It returns a formatted JSON string with known sensitive fields masked/redacted while preserving structure.
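The key-driven sanitization described for SensitiveFields, SanitizeFieldValue and SanitizeJSON can be sketched as follows. This is an added example, not the package's implementation; the policy table, the keep-last-4 masking rule, the `[REDACTED]` marker and the name `sanitizeForLog` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed policy modelled on SensitiveFields: lowercase keys, true = redact, false = mask.
var sensitive = map[string]bool{"cvv": true, "password": true, "card_number": false}

// walk sanitizes a decoded JSON value found under field name key.
func walk(key string, v any) any {
	full, known := sensitive[strings.ToLower(key)] // case-insensitive lookup
	if full {
		return "[REDACTED]" // also replaces nested objects and arrays
	}
	switch t := v.(type) {
	case map[string]any:
		for name, child := range t {
			t[name] = walk(name, child)
		}
	case []any:
		for i, child := range t {
			t[i] = walk(key, child) // elements inherit the array's key
		}
	case string, json.Number:
		r := []rune(fmt.Sprint(t))
		if known && len(r) > 4 { // partial mask keeps only the last 4 characters
			return strings.Repeat("*", len(r)-4) + string(r[len(r)-4:])
		} else if known {
			return "[REDACTED]" // too short to mask partially
		}
	}
	return v
}

// sanitizeForLog (hypothetical name) returns indented JSON that is safe to log.
func sanitizeForLog(raw []byte) string {
	dec := json.NewDecoder(strings.NewReader(string(raw)))
	dec.UseNumber() // keep numeric PANs as digits instead of float64 notation
	var doc any
	if err := dec.Decode(&doc); err != nil {
		return "[unparseable JSON withheld]" // fail closed, never echo raw input
	}
	out, _ := json.MarshalIndent(walk("", doc), "", "  ")
	return string(out)
}

func main() { fmt.Println(sanitizeForLog([]byte(`{"Card_Number":4111111111111111,"CVV":"987"}`))) }
```

Two details matter in practice: a card number sent as a JSON number still has to be masked, and input that fails to parse must not be written to the log verbatim.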
func SanitizeLogString
SanitizeLogString removes control characters that could enable log forging.
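Why control characters matter for a line-oriented log, as an added example that is not the package's code: `stripControl`, `logLine`, `records` and the sample username are hypothetical names and constructed data, and the extra handling of U+2028/U+2029 is a choice made here.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// stripControl (hypothetical helper) removes characters that can end a log
// line or drive a terminal: C0/C1 controls (CR, LF, ESC, NUL, ...) plus the
// Unicode line and paragraph separators, which unicode.IsControl does not cover.
func stripControl(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) || r == '\u2028' || r == '\u2029' {
			return -1 // a negative rune tells strings.Map to drop the character
		}
		return r
	}, s)
}

// logLine formats one record of a line-oriented key=value log.
func logLine(user string) string {
	return fmt.Sprintf("level=warn msg=\"login failed\" user=%s", user)
}

// records counts the entries a line-based log reader would see.
func records(log string) int {
	return len(strings.Split(strings.ReplaceAll(log, "\r\n", "\n"), "\n"))
}

// Constructed input: a username carrying CRLF followed by a forged second record.
const forgedUser = "bob\r\nlevel=info msg=\"login ok\" user=admin"

func main() {
	fmt.Println(records(logLine(forgedUser)), "records without sanitization")
	fmt.Println(records(logLine(stripControl(forgedUser))), "record with sanitization:")
	fmt.Println(logLine(stripControl(forgedUser)))
}
```

After stripping, the injected text is still present but stays inside the single record it arrived in, where a reviewer can see it as part of the username.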
func SanitizeXML
func SanitizeXML(xmlString string, patterns []XMLSanitizationPattern) string
SanitizeXML sanitizes XML content using configurable patterns.
It supports both regular XML (<AcctNum>...</AcctNum>) and HTML-escaped XML (&lt;AcctNum&gt;...&lt;/AcctNum&gt;).
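Pattern-based masking of raw and HTML-escaped payment XML, as an added sketch rather than the package's implementation: the helper names, the `[REDACTED]` marker and the reading of "BIN + last 4" as first 6 plus last 4 characters are assumptions, and the sample documents are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// elementPattern matches <tag>text</tag> or its HTML-escaped form and captures tags and text.
func elementPattern(tag string) *regexp.Regexp {
	t := regexp.QuoteMeta(tag)
	return regexp.MustCompile(`(?i)(<` + t + `>)([^<]*)(</` + t + `>)|(&lt;` + t + `&gt;)([^&]*)(&lt;/` + t + `&gt;)`)
}

// maskElements rewrites only the element text with f and keeps the tags (added sketch).
func maskElements(xml, tag string, f func(string) string) string {
	re := elementPattern(tag)
	return re.ReplaceAllStringFunc(xml, func(m string) string {
		g := re.FindStringSubmatch(m) // groups of the unused alternative are empty
		return g[1] + g[4] + f(g[2]+g[5]) + g[3] + g[6]
	})
}

// keepBINLast4 keeps the first 6 and last 4 characters (assumed rule); short values are redacted.
func keepBINLast4(pan string) string {
	if len(pan) < 13 {
		return "[REDACTED]"
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// redact replaces the element text completely.
func redact(string) string { return "[REDACTED]" }

// sanitizeXML (hypothetical name) masks card numbers and redacts secrets in raw or escaped XML.
func sanitizeXML(xml string) string {
	for _, tag := range []string{"AcctNum", "CardNum"} {
		xml = maskElements(xml, tag, keepBINLast4)
	}
	for _, tag := range []string{"CVV", "Password"} {
		xml = maskElements(xml, tag, redact)
	}
	return xml
}

func main() {
	// Constructed sample request, not real card data.
	fmt.Println(sanitizeXML(`<Req><AcctNum>4111111111111111</AcctNum><CVV>987</CVV></Req>`))
}
```

In this sketch the escaped alternative stops at the first `&`, so an escaped element whose text itself contains an entity (for example `a&amp;b`) is not matched and passes through unchanged; a test case with such a value is worth keeping next to any pattern of this shape.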
Types
type SanitizationType
type SanitizationType int
SanitizationType defines how to sanitize a field.
const (
    FullyRedact SanitizationType = iota
    PartialMask
)