This PR adds comprehensive sensitive data masking capabilities to CodeceptJS, allowing users to define custom patterns to obfuscate sensitive information like emails, credit cards, phone numbers, and other data in all output including logs, steps, debug messages, and error messages.

Overview

CodeceptJS can now automatically mask sensitive data in all output using the enhanced maskSensitiveData configuration option. This builds upon the existing boolean configuration to support custom regex patterns with user-defined mask strings.

Configuration

Backward Compatible Boolean Configuration

// codecept.conf.js
exports.config = {
  maskSensitiveData: true, // Uses built-in patterns for common sensitive data
  // ... other config
}

Advanced Custom Patterns Configuration

// codecept.conf.js
exports.config = {
  maskSensitiveData: {
    enabled: true,
    patterns: [
      {
        name: 'Email',
        regex: /(\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b)/gi,
        mask: '[MASKED_EMAIL]'
      },
      {
        name: 'Credit Card',
        regex: /\b(?:\d{4}[- ]?){3}\d{4}\b/g,
        mask: '[MASKED_CARD]'
      },
      {
        name: 'Phone Number',
        regex: /(\+?1[-.\s]?)?\(?([0-9]{3})\)?[-.\s]?([0-9]{3})[-.\s]?([0-9]{4})/g,
        mask: '[MASKED_PHONE]'
      }
    ]
  },
  // ... other config
}

Example Output

With the above configuration, sensitive data is automatically masked:

Before:

Given I have user email "john.doe@company.com"
And I have credit card "4111 1111 1111 1111" 
And I have phone number "+1-555-123-4567"

After:

Given I have user email "[MASKED_EMAIL]"
And I have credit card "[MASKED_CARD]"
And I have phone number "[MASKED_PHONE]"

Where Masking Applies

• Step descriptions and output
• Debug messages (--debug mode)
• Log messages (--verbose mode)
• Error messages
• Success messages
• BDD step output (works alongside existing secret() function)

Implementation Details

• New masking utility (lib/utils/mask_data.js) handles both boolean and object configurations
• Enhanced output system (lib/output.js) applies masking consistently across all output methods
• Leverages existing invisi-data package which already supports custom patterns
• 100% backward compatible with existing boolean configuration and secret() function
• Comprehensive test coverage with 17 tests covering all scenarios

Testing

All existing functionality continues to work unchanged:

• Existing secret() function still masks individual values
• Boolean maskSensitiveData: true configuration works as before
• All 443 existing tests pass
• New comprehensive test suite validates custom pattern functionality

Fixes #5108.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.