From e5a607b5e9f91a200ff5e2ce6ea1446dc2d38db9 Mon Sep 17 00:00:00 2001
From: "Helmut K. C. Tessarek" <tessarek@evermeet.cx>
Date: Sun, 20 Nov 2022 21:22:42 -0500
Subject: [PATCH] make support string more secure

convert all characters to a `*`, except for `:` and `/`
additionally `:` and `/` will also be converted when occuring after the 12nd character
---
 src/config.rs | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index cc5c7867..b76b2bbe 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -229,17 +229,18 @@ macro_rules! make_config {
                     inner.config.clone()
                 };
 
-                /// We map over the string and remove all alphanumeric, _ and - characters.
-                /// This is the fastest way (within micro-seconds) instead of using a regex (which takes mili-seconds)
                 fn _privacy_mask(value: &str) -> String {
-                    value.chars().map(|c|
-                        match c {
-                            c if c.is_alphanumeric() => '*',
-                            '_' => '*',
-                            '-' => '*',
-                            _ => c
+                    let mut masked: String = String::new();
+                    let mut n = 0;
+                    for c in value.chars() {
+                        if n <= 12 && [':', '/'].contains(&c) {
+                            masked += &c.to_string();
+                        } else {
+                            masked += &'*'.to_string();
                         }
-                    ).collect::<String>()
+                        n += 1;
+                    }
+                    masked
                 }
 
                 serde_json::Value::Object({