sanitization

package
v0.7.0-rc Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var AllowedFields = map[string]bool{
	"card_bin":   true,
	"card_brand": true,
	"card_type":  true,
}

AllowedFields are field names that should bypass sanitization.

var PaymentXMLPatterns = []XMLSanitizationPattern{
	{
		Name:        "AcctNum",
		Pattern:     regexp.MustCompile(`(?i)(<AcctNum>[^<]*</AcctNum>|&lt;AcctNum&gt;[^&]*&lt;/AcctNum&gt;)`),
		MaskingFunc: MaskCardNumber,
	},
	{
		Name:        "CardNum",
		Pattern:     regexp.MustCompile(`(?i)(<CardNum>[^<]*</CardNum>|&lt;CardNum&gt;[^&]*&lt;/CardNum&gt;)`),
		MaskingFunc: MaskCardNumber,
	},
	{
		Name:        "CardNumber",
		Pattern:     regexp.MustCompile(`(?i)(<CardNumber>[^<]*</CardNumber>|&lt;CardNumber&gt;[^&]*&lt;/CardNumber&gt;)`),
		MaskingFunc: MaskCardNumber,
	},
	{
		Name:        "TrackData",
		Pattern:     regexp.MustCompile(`(?i)(<TrackData>[^<]*</TrackData>|&lt;TrackData&gt;[^&]*&lt;/TrackData&gt;)`),
		MaskingFunc: MaskCompletelyFunc(redactedValue),
	},
	{
		Name:        "CVV",
		Pattern:     regexp.MustCompile(`(?i)(<CVV>[^<]*</CVV>|&lt;CVV&gt;[^&]*&lt;/CVV&gt;)`),
		MaskingFunc: MaskCompletelyFunc(redactedValue),
	},
	{
		Name:        "CVV2",
		Pattern:     regexp.MustCompile(`(?i)(<CVV2>[^<]*</CVV2>|&lt;CVV2&gt;[^&]*&lt;/CVV2&gt;)`),
		MaskingFunc: MaskCompletelyFunc(redactedValue),
	},
	{
		Name:        "CVC",
		Pattern:     regexp.MustCompile(`(?i)(<CVC>[^<]*</CVC>|&lt;CVC&gt;[^&]*&lt;/CVC&gt;)`),
		MaskingFunc: MaskCompletelyFunc(redactedValue),
	},
	{
		Name:        "ExpDate",
		Pattern:     regexp.MustCompile(`(?i)(<ExpDate>[^<]*</ExpDate>|&lt;ExpDate&gt;[^&]*&lt;/ExpDate&gt;)`),
		MaskingFunc: MaskCompletelyFunc(redactedValue),
	},
	{
		Name:        "ExpiryDate",
		Pattern:     regexp.MustCompile(`(?i)(<ExpiryDate>[^<]*</ExpiryDate>|&lt;ExpiryDate&gt;[^&]*&lt;/ExpiryDate&gt;)`),
		MaskingFunc: MaskCompletelyFunc(redactedValue),
	},
	{
		Name:        "Password",
		Pattern:     regexp.MustCompile(`(?i)(<Password>[^<]*</Password>|&lt;Password&gt;[^&]*&lt;/Password&gt;)`),
		MaskingFunc: MaskCompletelyFunc(redactedValue),
	},
	{
		Name:        "TransArmorToken",
		Pattern:     regexp.MustCompile(`(?i)(<TransArmorToken>[^<]*</TransArmorToken>|&lt;TransArmorToken&gt;[^&]*&lt;/TransArmorToken&gt;)`),
		MaskingFunc: MaskTokenLastFour,
	},
}

PaymentXMLPatterns contains pre-configured patterns for common payment processing XML elements.

It is designed for safe logging (masking/redaction), not for request validation.

var RapidConnectXMLPatterns = PaymentXMLPatterns

RapidConnectXMLPatterns is an alias for PaymentXMLPatterns for compatibility with existing codebases.

var SensitiveFields = map[string]SanitizationType{
	"cvv":           FullyRedact,
	"security_code": FullyRedact,
	"cvv2":          FullyRedact,
	"cvc":           FullyRedact,
	"cvc2":          FullyRedact,

	"cardholder":      FullyRedact,
	"cardholder_name": FullyRedact,

	"card_number": PartialMask,
	"number":      PartialMask,

	"account_number": PartialMask,
	"ssn":            PartialMask,
	"tin":            PartialMask,
	"tax_id":         PartialMask,
	"ein":            PartialMask,

	"password":    FullyRedact,
	"secret":      FullyRedact,
	"private_key": FullyRedact,
	"secret_key":  FullyRedact,

	"api_token":            FullyRedact,
	"api_key_id":           PartialMask,
	"authorization":        FullyRedact,
	"authorization_id":     FullyRedact,
	"authorization_header": FullyRedact,
}

SensitiveFields defines fields that require explicit sanitization behavior.

This map is intentionally keyed by lowercased field name.

Functions

func MaskCardNumber

func MaskCardNumber(match string) string

MaskCardNumber masks a card number so that only the BIN and the last 4 digits remain visible (PCI-friendly).

func MaskCompletelyFunc

func MaskCompletelyFunc(replacement string) func(string) string

MaskCompletelyFunc returns a function that replaces the inner text with a fixed replacement.

func MaskTokenLastFour

func MaskTokenLastFour(match string) string

MaskTokenLastFour shows only the last 4 characters of tokens.

func SanitizeFieldValue

func SanitizeFieldValue(key string, value any) any

SanitizeFieldValue sanitizes a field value based on its key name.

This function is intentionally deterministic and safe-by-default for known sensitive keys.

func SanitizeJSON

func SanitizeJSON(jsonBytes []byte) string

SanitizeJSON recursively sanitizes JSON data for logging.

It returns a formatted JSON string with known sensitive fields masked/redacted while preserving structure.
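The recursive, key-driven masking described here and under SensitiveFields, as an added example that is not this package's implementation. It uses a four-entry subset of SensitiveFields; `walk`, `maskValue`, `sanitizeJSON`, the last-4 partial mask and the `[REDACTED]` placeholder are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the page's SensitiveFields: true = FullyRedact, false = PartialMask.
var fullyRedact = map[string]bool{"cvv": true, "password": true, "card_number": false, "ssn": false}

// maskValue (assumed policy): only strings longer than 4 keep their last 4 characters.
func maskValue(full bool, v any) any {
	if s, ok := v.(string); ok && !full && len([]rune(s)) > 4 {
		r := []rune(s)
		return strings.Repeat("*", len(r)-4) + string(r[len(r)-4:])
	}
	return "[REDACTED]" // numbers, objects, arrays and short strings; placeholder text is assumed
}

// walk masks sensitive keys at any depth; keys are compared lowercased.
func walk(v any) any {
	switch t := v.(type) {
	case map[string]any:
		for k, child := range t {
			if full, ok := fullyRedact[strings.ToLower(k)]; ok {
				t[k] = maskValue(full, child)
			} else {
				t[k] = walk(child)
			}
		}
	case []any:
		for i := range t {
			t[i] = walk(t[i])
		}
	}
	return v
}

func sanitizeJSON(in []byte) string {
	var doc any
	if err := json.Unmarshal(in, &doc); err != nil {
		return `"[UNPARSEABLE JSON WITHHELD]"` // fail closed: never echo unparsed input
	}
	out, _ := json.MarshalIndent(walk(doc), "", "  ")
	return string(out)
}

// Constructed sample input.
func main() { fmt.Println(sanitizeJSON([]byte(`{"Card_Number":"4111111111111111","items":[{"CVV":"123"}]}`))) }
```
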

func SanitizeLogString

func SanitizeLogString(value string) string

SanitizeLogString removes control characters that could enable log forging.

func SanitizeXML

func SanitizeXML(xmlString string, patterns []XMLSanitizationPattern) string

SanitizeXML sanitizes XML content using configurable patterns.

It supports both regular XML (<AcctNum>...</AcctNum>) and HTML-escaped XML (&lt;AcctNum&gt;...&lt;/AcctNum&gt;).
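How pattern-driven masking behaves on raw and HTML-escaped input, as an added example that is not this package's code. It reuses the AcctNum regex listed under PaymentXMLPatterns; `parts`, `maskPAN`, `sanitize`, the 6+4 digit split and the `[REDACTED]` placeholder are assumptions standing in for MaskCardNumber. The last constructed input shows that the listed pattern matches only a bare `<AcctNum>` tag, so an element carrying attributes needs its own pattern.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// AcctNum pattern exactly as listed in the page's PaymentXMLPatterns.
var acctNum = regexp.MustCompile(`(?i)(<AcctNum>[^<]*</AcctNum>|&lt;AcctNum&gt;[^&]*&lt;/AcctNum&gt;)`)

// parts splits one match into open tag, inner text and close tag, in either
// the raw or the HTML-escaped spelling (helper added for this example).
var parts = regexp.MustCompile(`(?is)^(<[^>]*>|&lt;[^&]*&gt;)(.*)(</[^>]*>|&lt;/[^&]*&gt;)$`)

// maskPAN is a hypothetical stand-in for MaskCardNumber: it keeps the first 6
// and last 4 digits and redacts values too short to be a card number.
func maskPAN(match string) string {
	m := parts.FindStringSubmatch(match)
	if m == nil {
		return "[REDACTED]" // fail closed; placeholder text is assumed
	}
	digits := strings.Map(func(r rune) rune {
		if r < '0' || r > '9' {
			return -1
		}
		return r
	}, m[2])
	if len(digits) < 13 {
		return m[1] + "[REDACTED]" + m[3]
	}
	return m[1] + digits[:6] + strings.Repeat("*", len(digits)-10) + digits[len(digits)-4:] + m[3]
}

// sanitize applies the pattern to every occurrence in a log payload.
func sanitize(s string) string { return acctNum.ReplaceAllStringFunc(s, maskPAN) }

func main() {
	// Constructed inputs: raw, HTML-escaped, and a tag with an attribute.
	for _, in := range []string{
		"<AcctNum>4111111111111111</AcctNum>",
		"&lt;acctnum&gt;4111 1111 1111 1111&lt;/acctnum&gt;",
		`<AcctNum type="pan">4111111111111111</AcctNum>`,
	} {
		fmt.Printf("%-5v %s\n", acctNum.MatchString(in), sanitize(in))
	}
}
```
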

Types

type SanitizationType

type SanitizationType int

SanitizationType defines how to sanitize a field.

const (
	FullyRedact SanitizationType = iota
	PartialMask
)

type XMLSanitizationPattern

type XMLSanitizationPattern struct {
	Pattern     *regexp.Regexp
	MaskingFunc func(match string) string
	Name        string
}

XMLSanitizationPattern defines a regex-based sanitization rule for XML elements.
