pub struct Redactor { /* private fields */ }
Multi-pattern output redactor.
Construct once with Redactor::new, then call redact_bytes,
redact_str, or redact_stream as many times as needed. The
automaton is immutable after construction and is safe to share across
threads.
Implementations
impl Redactor
pub fn new(secrets: &[(&str, &[u8])]) -> Result<Self, SecretshError>
Build a new Redactor from a slice of (key_name, secret_value)
pairs.
§Errors
Returns SecretshError::Redaction if the Aho-Corasick automaton
cannot be constructed (e.g. the combined pattern set is too large for
the underlying DFA).
pub fn has_patterns(&self) -> bool
Returns true if the redactor has at least one pattern to match.
When this returns false, all redact_* methods are no-ops that
return the input unchanged.
pub fn redact_bytes(&self, input: &[u8]) -> Vec<u8>
Redact a byte slice, returning the redacted bytes.
All occurrences of any registered pattern (raw or encoded) are replaced with the corresponding label. The replacement is performed in a single left-to-right pass using the Aho-Corasick automaton, so overlapping matches are handled correctly (the leftmost match wins).
pub fn redact_str(&self, input: &str) -> String
Redact a string slice, returning the redacted String.
The input is treated as raw bytes during matching (patterns may be
arbitrary byte sequences). The output is converted back to String
using String::from_utf8_lossy so that any replacement labels
(which are always valid UTF-8) are preserved even if the surrounding
bytes are not.
pub fn redact_stream(
    &self,
    input: &mut dyn Read,
    output: &mut dyn Write,
) -> Result<u64, Error>
Stream redaction: read all bytes from input, redact them, and write
the result to output.
The current implementation buffers the entire input in memory before
performing replacement. This is necessary because a secret value may
straddle an arbitrary chunk boundary. For very large outputs consider
using a sliding-window approach, but for the typical use-case of
subprocess stdout/stderr this is acceptable — spawn_child enforces a
configurable output limit (default 50 MiB) so the buffer size is bounded.
§Returns
The number of bytes written to output.
§Errors
Returns an io::Error if reading from input or writing to output
fails.
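The chunk-boundary problem described for redact_stream, shown as an added example that is not the crate's own code: redacting each chunk independently lets a straddling secret through, while a sliding window that holds back the undecided tail gives the same output as buffering everything. A naive std-only scan stands in for the Aho-Corasick automaton; the secret, the label format and all function names here are assumptions made for illustration.

```rust
// Added illustration (std only); a naive scan stands in for the Aho-Corasick automaton.
const SECRET: &[u8] = b"hunter2-token"; // constructed sample secret
const LABEL: &[u8] = b"[REDACTED_DB_PASSWORD]"; // assumed label format

/// Redact every start position `i` of `buf` with `i + need <= buf.len()`,
/// appending to `out`. Returns the number of input bytes consumed.
fn scan(buf: &[u8], pats: &[(&[u8], &[u8])], need: usize, out: &mut Vec<u8>) -> usize {
    let mut i = 0;
    while i + need <= buf.len() {
        match pats.iter().find(|p| !p.0.is_empty() && buf[i..].starts_with(p.0)) {
            Some(p) => { out.extend_from_slice(p.1); i += p.0.len(); }
            None => { out.push(buf[i]); i += 1; }
        }
    }
    i
}

/// Buffer-everything behaviour, as the page describes for `redact_stream`.
fn redact_whole(input: &[u8], pats: &[(&[u8], &[u8])]) -> Vec<u8> {
    let mut out = Vec::new();
    scan(input, pats, 1, &mut out);
    out
}

/// Unsafe shortcut: each chunk is redacted on its own, so a straddling secret leaks.
fn redact_per_chunk(chunks: &[&[u8]], pats: &[(&[u8], &[u8])]) -> Vec<u8> {
    chunks.iter().flat_map(|c| redact_whole(c, pats)).collect()
}

/// Sliding window: only decide positions where the longest pattern already fits
/// in the buffered data; carry the undecided tail into the next chunk.
fn redact_sliding(chunks: &[&[u8]], pats: &[(&[u8], &[u8])]) -> Vec<u8> {
    let longest = pats.iter().map(|p| p.0.len()).max().unwrap_or(0).max(1);
    let mut pending: Vec<u8> = Vec::new();
    let mut out = Vec::new();
    for c in chunks {
        pending.extend_from_slice(c);
        let done = scan(&pending, pats, longest, &mut out);
        pending.drain(..done);
    }
    scan(&pending, pats, 1, &mut out); // end of stream: flush the held-back tail
    out
}

fn main() {
    let pats = [(SECRET, LABEL)];
    let chunks: [&[u8]; 2] = [b"login ok password=hunt", b"er2-token\n"];
    println!("per-chunk: {}", String::from_utf8_lossy(&redact_per_chunk(&chunks, &pats)));
    println!("sliding:   {}", String::from_utf8_lossy(&redact_sliding(&chunks, &pats)));
}
```

In the sliding variant the carried tail is always shorter than the longest secret, so memory use is bounded by one chunk plus that length rather than by the total output size.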