Debug/src/Helpers.psm1 at b9d14abc3e58d8bebdba82242e3ade11085f38d4 · PSModule/Debug · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
filter Set-MaskedValue {
    <#
        .SYNOPSIS
        Masks sensitive values such as GitHub tokens, JWT tokens, and private keys.

        .DESCRIPTION
        This function checks an input string against known patterns for sensitive values, such as:
        - GitHub tokens (Personal Access Tokens, OAuth Tokens, Session Tokens, User Tokens)
        - JSON Web Tokens (JWT)
        - Private keys
        If a match is found, the function replaces the value with a corresponding masked placeholder.
        If no match is found, the original value is returned unaltered.

        .EXAMPLE
        Set-MaskedValue -Value '<a token starting with github_pat_>'

        Output:
        ```powershell
        ***GITHUB_FG_PAT_TOKEN***
        ```

        Masks a GitHub fine-grained personal access token.

        .EXAMPLE
        Set-MaskedValue -Value '<a token starting with ghp_>'

        Output:
        ```powershell
        ***GITHUB_CLASSIC_PAT_TOKEN***
        ```

        Masks a classic GitHub personal access token.

        .EXAMPLE
        Set-MaskedValue -Value 'header.payload.signature'

        Output:
        ```powershell
        ***JWT_TOKEN***
        ```

        Masks a JSON Web Token (JWT).

        .EXAMPLE
        Set-MaskedValue -Value "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAA..."

        Output:
        ```powershell
        ***PRIVATE_KEY***
        ```

        Masks a private key.

        .OUTPUTS
        string

        .NOTES
        Returns the masked value if a match is found; otherwise, returns the original value.
    #>
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute(
        'PSUseShouldProcessForStateChangingFunctions', '',
        Justification = 'This function is not state-changing. It is a utility function.'
    )]
    [OutputType([string])]
    [CmdletBinding()]
    param (
        # The value to be checked and potentially masked.
        [Parameter(ValueFromPipeline)]
        [string] $Value = ''
    )

    switch -Regex ($Value) {
        '^github_pat_' {
            '***GITHUB_FG_PAT_TOKEN***'
            break
        }
        '^ghp_' {
            '***GITHUB_CLASSIC_PAT_TOKEN***'
            break
        }
        '^ghs_' {
            '***GITHUB_SESSION_TOKEN***'
            break
        }
        '^ghu_' {
            '***GITHUB_USER_TOKEN***'
            break
        }
        '^gho_' {
            '***GITHUB_OAUTH_TOKEN***'
            break
        }
        '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' {
            '***JWT_TOKEN***'
            break
        }
        'PRIVATE KEY.*[\s\S]+?.*PRIVATE KEY' {
            '***PRIVATE_KEY***'
            break
        }
        default {
            $Value
        }
    }
}