Comprehensive sanitization system for cleaning sensitive data from recordings, with support for multiple sanitizer types and flexible matching strategies to ensure test recordings don't contain secrets or sensitive information.
Main configuration interface for all types of sanitizers that can be applied to recordings.
/**
* Configuration for various sanitizer types that clean sensitive data from recordings
*/
interface SanitizerOptions {
/** General-purpose sanitizers applied to request/response body, headers, and URI */
generalSanitizers?: FindReplaceSanitizer[];
/** Sanitizers specifically for request/response bodies */
bodySanitizers?: FindReplaceSanitizer[];
/** Sanitizers for HTTP headers */
headerSanitizers?: HeaderSanitizer[];
/** Sanitizers for URIs */
uriSanitizers?: FindReplaceSanitizer[];
/** Sanitizers for connection strings */
connectionStringSanitizers?: ConnectionStringSanitizer[];
/** Sanitizers for specific JSON keys in request/response bodies */
bodyKeySanitizers?: BodyKeySanitizer[];
/** Sanitizers for continuation tokens */
continuationSanitizers?: ContinuationSanitizer[];
/** Sanitizer to remove specific headers entirely */
removeHeaderSanitizer?: RemoveHeaderSanitizer;
/** Enable OAuth response sanitization */
oAuthResponseSanitizer?: boolean;
/** Sanitize subscription IDs in URIs */
uriSubscriptionIdSanitizer?: { value: string };
/** Reset all sanitizers */
resetSanitizer?: boolean;
}Usage Examples:
const sanitizerOptions: SanitizerOptions = {
generalSanitizers: [
{ target: "my-secret-key", value: "sanitized-key" }
],
headerSanitizers: [
{ key: "Authorization", value: "Sanitized" }
],
connectionStringSanitizers: [
{
actualConnString: "AccountName=test;AccountKey=realkey",
fakeConnString: "AccountName=test;AccountKey=fakekey"
}
],
oAuthResponseSanitizer: true
};
await recorder.addSanitizers(sanitizerOptions);Union type for basic find-and-replace sanitization using either regex or string matching.
/**
* Union type for regex-based or string-based find-and-replace sanitizers
*/
type FindReplaceSanitizer = RegexSanitizer | StringSanitizer;
/**
* Regex-based sanitizer for complex pattern matching and replacement
*/
interface RegexSanitizer {
/** Indicates this is a regex sanitizer */
regex: true;
/** The replacement value */
value: string;
/** The regex pattern to match */
target: string;
/** Optional capture group for partial replacement */
groupForReplace?: string;
}
/**
* Simple string-based sanitizer for literal find-and-replace
*/
interface StringSanitizer {
/** Indicates this is not a regex sanitizer */
regex?: false;
/** The string to find */
target: string;
/** The replacement value */
value: string;
}Usage Examples:
// String-based sanitization
const stringSanitizer: StringSanitizer = {
target: "my-actual-secret",
value: "sanitized-secret"
};
// Regex-based sanitization
const regexSanitizer: RegexSanitizer = {
regex: true,
target: "AccountKey=([^;]+)",
value: "sanitized-account-key",
groupForReplace: "1"
};
// Complex regex with capture groups
const urlSanitizer: RegexSanitizer = {
regex: true,
target: "https://([^.]+)\\.blob\\.core\\.windows\\.net",
value: "sanitized-account",
groupForReplace: "1"
};
await recorder.addSanitizers({
generalSanitizers: [stringSanitizer, regexSanitizer],
uriSanitizers: [urlSanitizer]
});Specialized sanitizers for cleaning HTTP headers with support for key-based targeting and flexible value replacement.
/**
* Sanitizer specifically for HTTP headers
*/
interface HeaderSanitizer {
/** The header name to sanitize */
key: string;
/** Whether to use regex matching for the value */
regex?: boolean;
/** Target pattern or string to match in header value */
target?: string;
/** Replacement value for the header */
value?: string;
/** Capture group for partial replacement when using regex */
groupForReplace?: string;
}Usage Examples:
// Completely replace authorization header
const authSanitizer: HeaderSanitizer = {
key: "Authorization",
value: "Sanitized"
};
// Sanitize specific parts of a complex header
const complexHeaderSanitizer: HeaderSanitizer = {
key: "x-ms-client-request-id",
regex: true,
target: "([a-f0-9-]{36})",
value: "sanitized-guid",
groupForReplace: "1"
};
// Remove sensitive cookie information
const cookieSanitizer: HeaderSanitizer = {
key: "Cookie",
regex: true,
target: "sessionid=([^;]+)",
value: "sanitized-session",
groupForReplace: "1"
};
await recorder.addSanitizers({
headerSanitizers: [authSanitizer, complexHeaderSanitizer, cookieSanitizer]
});Specialized sanitizers for Azure connection strings, replacing actual connection strings with fake ones for testing.
/**
* Sanitizer for Azure connection strings
*/
interface ConnectionStringSanitizer {
/** The actual connection string to replace (required in practice, runtime error if missing) */
actualConnString?: string;
/** The fake connection string to use in recordings */
fakeConnString: string;
}Usage Examples:
// Direct connection string replacement
const connStringSanitizer: ConnectionStringSanitizer = {
actualConnString: "DefaultEndpointsProtocol=https;AccountName=myaccount;AccountKey=realkey==;EndpointSuffix=core.windows.net",
fakeConnString: "DefaultEndpointsProtocol=https;AccountName=myaccount;AccountKey=fakekey==;EndpointSuffix=core.windows.net"
};
// Service Bus connection string
const serviceBusSanitizer: ConnectionStringSanitizer = {
actualConnString: "Endpoint=sb://mybus.servicebus.windows.net/;SharedAccessKeyName=policy;SharedAccessKey=realkey=",
fakeConnString: "Endpoint=sb://mybus.servicebus.windows.net/;SharedAccessKeyName=policy;SharedAccessKey=fakekey="
};
await recorder.addSanitizers({
connectionStringSanitizers: [connStringSanitizer, serviceBusSanitizer]
});Sanitizers that target specific JSON keys in request and response bodies using JSONPath expressions.
/**
* Sanitizer for specific JSON keys in request/response bodies
*/
interface BodyKeySanitizer {
/** Optional regex pattern for matching */
regex?: string;
/** Replacement value */
value?: string;
/** Capture group for partial replacement */
groupForReplace?: string;
/** JSONPath expression targeting specific keys */
jsonPath: string;
}Usage Examples:
// Sanitize password fields in JSON bodies
const passwordSanitizer: BodyKeySanitizer = {
jsonPath: "$.password",
value: "sanitized-password"
};
// Sanitize nested API keys
const apiKeySanitizer: BodyKeySanitizer = {
jsonPath: "$.config.apiKey",
value: "sanitized-api-key"
};
// Sanitize array elements
const tokenArraySanitizer: BodyKeySanitizer = {
jsonPath: "$.tokens[*].value",
value: "sanitized-token"
};
await recorder.addSanitizers({
bodyKeySanitizers: [passwordSanitizer, apiKeySanitizer, tokenArraySanitizer]
});Sanitizers for handling continuation tokens in paginated API responses, ensuring consistent behavior across recording sessions.
/**
* Sanitizer for continuation tokens in paginated responses
*/
interface ContinuationSanitizer {
/** The key/header name containing the continuation token */
key: string;
/** Optional HTTP method to apply sanitizer to */
method?: string;
/** Whether to reset the sanitizer after the first use */
resetAfterFirst: boolean;
}Usage Examples:
// Sanitize pagination tokens in Azure Storage list operations
const continuationSanitizer: ContinuationSanitizer = {
key: "x-ms-continuation",
resetAfterFirst: true
};
// Sanitize continuation tokens in specific HTTP methods
const getContinuationSanitizer: ContinuationSanitizer = {
key: "nextLink",
method: "GET",
resetAfterFirst: false
};
await recorder.addSanitizers({
continuationSanitizers: [continuationSanitizer, getContinuationSanitizer]
});Sanitizer that completely removes specified headers from recordings instead of replacing their values.
/**
* Sanitizer to completely remove specific headers from recordings
*/
interface RemoveHeaderSanitizer {
/** List of header names to remove entirely */
headersForRemoval: string[];
}Usage Examples:
// Remove sensitive headers entirely
const removeHeaders: RemoveHeaderSanitizer = {
headersForRemoval: [
"x-ms-client-secret",
"x-internal-correlation-id",
"user-agent"
]
};
await recorder.addSanitizers({
removeHeaderSanitizer: removeHeaders
});Methods for applying sanitizers to recording sessions, with support for session-level and instance-level sanitization.
/**
* Adds sanitizers to the current recording session
* @param options - Sanitizer configuration
* @param mode - Optional recording modes to apply sanitizers to (defaults to both record and playback)
*/
async addSanitizers(options: SanitizerOptions, mode?: ("record" | "playback")[]): Promise<void>;
/**
* Adds session-level sanitizers that apply across all recording sessions
* @param options - Sanitizer configuration
* @param mode - Optional recording modes to apply sanitizers to (defaults to both record and playback)
*/
static async addSessionSanitizers(options: SanitizerOptions, mode?: ("record" | "playback")[]): Promise<void>;Usage Examples:
// Add sanitizers to current recorder instance
await recorder.addSanitizers({
generalSanitizers: [
{ target: "secret-value", value: "sanitized" }
]
});
// Add sanitizers only for record mode
await recorder.addSanitizers({
headerSanitizers: [
{ key: "Authorization", value: "Sanitized" }
]
}, ["record"]);
// Add session-level sanitizers that apply to all recorders
await Recorder.addSessionSanitizers({
generalSanitizers: [
{ target: "common-secret", value: "sanitized-common" }
]
});