[PLAT-639] Add credentials obfuscation

[Antoninbln]

Purpose of this PR

To be clean with sentry implementation, we need to obfuscate some critical information in logs such as TOKEN=MY_TOKEN or "token": "My token".

Changes

• New obfuscation mode has been added : for example password=My-super-password in log.msg is now obfuscated by default ;
• Parameters of SensitiveDataStream has changed :
  • fragments -> Example : (password|mdp);
  • patterns -> Example : [{ regex: YOUR_REGEX, substitute: SUBSTITUTION_CONTENT }];
• Add the possibility to provide an "obfuscation config" to obfuscate whatever you want. To do this you need to use :

const newLogger = init({
   logger: { sensitiveDataFragment, sensitiveDataPattern },
});

• Update documentation

[codecov]

Codecov Report

Merging #33 into master will not change coverage.
The diff coverage is 100%.

@@          Coverage Diff          @@
##           master    #33   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           4      4           
  Lines          39     44    +5     
=====================================
+ Hits           39     44    +5

Impacted Files	Coverage Δ
index.js	100% <ø> (ø)	⬆️
streams/sensitive-data.js	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9648ed5...d673f48. Read the comment docs.

[codecov]

Codecov Report

Merging #33 into master will not change coverage.
The diff coverage is 100%.

@@          Coverage Diff          @@
##           master    #33   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           4      4           
  Lines          39     42    +3     
=====================================
+ Hits           39     42    +3

Impacted Files	Coverage Δ
index.js	100% <ø> (ø)	⬆️
streams/sensitive-data.js	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9648ed5...507fb00. Read the comment docs.

[ygrandmaitre]

LGTM some comment about default regexp

[ygrandmaitre]

I think we should only have the first regexp by default to be iso with the actual version of the logger.
And the second regex should only be used in nestor-api

[ygrandmaitre]

I'm not sure we need to change the substitute I think we can forced to be SENSITIVE_DATA

[Antoninbln]

Indeed, it isn't realy about SENISITIVE_DATA but more about the whole pattern replacement such as :

"password":"WHATEVER" -> "$1":"WHATEVERE" which needs dots and quotes.

Althought password=whatever - > $1=WHATEVER doesn't need.

[ThierryPot]

I would remove this case from the default regexp to keep the same behaviour as before.

[ThierryPot]

Do we really need to specify a substitute? the default one should be enough? Don't you think?

[Antoninbln]

Substitute is indeed replacement pattern like "$1":"__SENSITIVE_DATA__", and it is not the same depending on cases, sometimes we need quotes, for other ones we don't necessarily need.

[ThierryPot]

If it is just to avoid double quote in the equal case, I keep thinking it is not necessary.

[ThierryPot]

All the logging process is done synchronously, we must ensure this array has not too many items because it could lead to performance issues.
If we don't do anything in code we must at least warn the users in the documentation.

[Antoninbln]

I just updated README because for the moment there is no usage of this functionality. But if you prefer I can update code.

[ygrandmaitre]

LGTM