@deviantintegral
Owner

Add HarSanitizer class to remove sensitive data from HAR files before committing fixtures to a repository. Supports redacting:

  • HTTP headers (e.g., Authorization, Cookie, Set-Cookie)
  • Query parameters (e.g., api_key, token)
  • Request/response body fields in JSON and form-encoded data
  • Cookies by name

The sanitizer works on a cloned copy of the HAR to preserve the original. Case-insensitive matching is the default, with an option for case-sensitive.

Also adds __clone() methods to Entry, Request, Response, and PostData classes to ensure proper deep cloning of nested objects.

@deviantintegral force-pushed the claude/har-sanitization-feature-AmIfL branch 6 times, most recently from ce53a60 to 8baf6a2 (January 15, 2026 19:20)

… cloning

Add __clone() methods to Entry, Request, Response, and PostData classes
to ensure proper deep cloning of nested objects. This is essential for
the HarSanitizer to work without modifying the original HAR data.

- Entry: clones request, response, cache, timings, and initiator
- Request: clones headers, cookies, queryString params, and postData
- Response: clones headers, cookies, and content
- PostData: clones params array

Add HarSanitizer class with redactHeaders() method to sanitize HTTP
headers in HAR files. Supports:

- Case-insensitive header name matching (default)
- Optional case-sensitive matching via setCaseSensitive()
- Custom redaction value via setRedactedValue()
- Fluent interface for method chaining
- Automatic headers size recalculation after redaction
- Works on both request and response headers
- Non-mutating: original HAR is preserved via deep cloning

Add redactQueryParams() method to sanitize query string parameters in
HAR request URLs. Supports:

- Case-insensitive parameter name matching (default)
- Fluent interface for method chaining
- Works alongside redactHeaders() for comprehensive sanitization

Add support for redacting sensitive fields in request and response
bodies. Supports both form-encoded POST parameters and JSON bodies
with recursive field redaction at any nesting level.

- Add redactBodyFields() method for configuring fields to redact
- Sanitize form-encoded POST params by field name
- Sanitize JSON request bodies (PostData.text)
- Sanitize JSON response bodies (Content.text)
- Support recursive redaction in nested JSON structures
- Support JSON arrays with objects containing sensitive fields
- Preserve slashes and unicode characters in sanitized JSON
- Add equivalent mutation ignores for LogicalAnd mutations

Add support for redacting cookie values in both requests and responses.

- Add redactCookies() method for configuring cookies to redact
- Sanitize request cookies by name
- Sanitize response cookies by name
- Support case-insensitive cookie name matching (default)

Add a new CLI command to sanitize HAR files by redacting sensitive data.
Initial implementation supports redacting headers via --header option
which can be specified multiple times.

Usage:
  har:sanitize input.har output.har --header Authorization --header Cookie

Add support for redacting query parameters via the --query-param option
which can be specified multiple times.

Usage:
  har:sanitize input.har output.har --query-param api_key --query-param token

Add support for redacting body fields via the --body-field option
which can be specified multiple times.

Usage:
  har:sanitize input.har output.har --body-field password --body-field api_key

Add support for case-sensitive matching via the --case-sensitive flag.
By default, field name matching is case-insensitive. When enabled,
only exact case matches will be redacted.

Usage:
  har:sanitize input.har output.har --query-param api_key --case-sensitive

@deviantintegral force-pushed the claude/har-sanitization-feature-AmIfL branch from 8ae329b to 9c250c2 (January 16, 2026 00:13)
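
The redaction behaviour the commits above describe (case-insensitive name matching, recursive JSON body redaction, query parameters rewritten in the request URL, and a non-mutating deep copy), as an added Python example working on raw HAR JSON. It is not the PR's PHP code: `sanitize_har`, its helpers, the `[REDACTED]` placeholder and the sample entry are assumptions constructed for illustration.

```python
import copy, json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"  # assumed placeholder value

def redact_json(node, names):  # recurse into dicts and lists at any depth
    if isinstance(node, dict):
        return {k: REDACTED if k.lower() in names else redact_json(v, names)
                for k, v in node.items()}
    return [redact_json(v, names) for v in node] if isinstance(node, list) else node

def redact_pairs(pairs, names):  # HAR name/value lists: headers, cookies, params
    for p in pairs:
        if p.get("name", "").lower() in names:
            p["value"] = REDACTED

def redact_text(holder, names):  # JSON body in holder["text"]; non-JSON is left alone
    try:
        body = json.loads(holder.get("text") or "")
    except ValueError:
        return
    holder["text"] = json.dumps(redact_json(body, names), ensure_ascii=False)

def sanitize_har(har, headers=(), query_params=(), body_fields=(), cookies=()):
    """Return a redacted deep copy; the HAR passed in is not modified."""
    out = copy.deepcopy(har)
    h, q, b, c = ({n.lower() for n in s}
                  for s in (headers, query_params, body_fields, cookies))
    for entry in out["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        for msg in (req, resp):
            redact_pairs(msg.get("headers", []), h)
            redact_pairs(msg.get("cookies", []), c)
        redact_pairs(req.get("queryString", []), q)
        # The same value is embedded in request.url, so rewrite that too.
        u = urlsplit(req["url"])
        qs = [(k, REDACTED if k.lower() in q else v)
              for k, v in parse_qsl(u.query, keep_blank_values=True)]
        req["url"] = urlunsplit(u._replace(query=urlencode(qs)))
        redact_pairs(req.get("postData", {}).get("params", []), b)
        redact_text(req.get("postData", {}), b)
        redact_text(resp.get("content", {}), b)
    return out

# Constructed sample HAR entry (not taken from the PR).
SAMPLE = {"log": {"entries": [{
    "request": {"url": "https://api.example.test/v1?api_key=k-123&page=2",
                "headers": [{"name": "authorization", "value": "Bearer abc"}],
                "postData": {"text": '{"user": {"password": "hunter2"}}'}},
    "response": {"content": {"text": '[{"token": "t-9", "path": "a/b"}]'}}}]}}
```

A shallow copy here would share the nested header and body objects with the input, so redacting the copy would also rewrite the original; the deep copy is what keeps the source HAR intact.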