Decidir & Braintree: Scrub cryptogram and number

Braintree Remote: 123 tests, 662 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed Decidir Remote: 28 tests, 99 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed
activemerchant · Aug 21, 2024 · c4531f4 · c4531f4
1 parent 89ddf53
commit c4531f4
Show file tree

Hide file tree

Showing 5 changed files with 691 additions and 2 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -17,6 +17,7 @@
 * NMI: Add customer vault fields [yunnydang] #5215
 * CheckoutV2: Add inquire method [almalee24] #5209
 * Iveri: Add AuthReversal for Authorizations [almalee24] #5201
+* Decidir & Braintree: Scrub cryptogram and card number [almalee24] #5220
 
 == Version 1.137.0 (August 2, 2024)
 * Unlock dependency on `rexml` to allow fixing a CVE (#5181).

diff --git a/lib/active_merchant/billing/gateways/braintree/braintree_common.rb b/lib/active_merchant/billing/gateways/braintree/braintree_common.rb
@@ -23,6 +23,8 @@ def scrub(transcript)
       gsub(%r((<payment-method-nonce>)[^<]+(</payment-method-nonce>)), '\1[FILTERED]\2').
       gsub(%r((<payment-method-token>)[^<]+(</payment-method-token>)), '\1[FILTERED]\2').
       gsub(%r((<value>)[^<]{100,}(</value>)), '\1[FILTERED]\2').
-      gsub(%r((<token>)[^<]+(</token>)), '\1[FILTERED]\2')
+      gsub(%r((<token>)[^<]+(</token>)), '\1[FILTERED]\2').
+      gsub(%r((<cryptogram>)[^<]+(</cryptogram>)), '\1[FILTERED]\2').
+      gsub(%r((<number>)[^<]+(</number>)), '\1[FILTERED]\2')
   end
 end
diff --git a/lib/active_merchant/billing/gateways/decidir.rb b/lib/active_merchant/billing/gateways/decidir.rb
@@ -106,7 +106,9 @@ def scrub(transcript)
           gsub(%r((apikey: )\w+)i, '\1[FILTERED]').
           gsub(%r((\"card_number\\\":\\\")\d+), '\1[FILTERED]').
           gsub(%r((\"security_code\\\":\\\")\d+), '\1[FILTERED]').
-          gsub(%r((\"emv_issuer_data\\\":\\\")\d+), '\1[FILTERED]')
+          gsub(%r((\"emv_issuer_data\\\":\\\")\d+), '\1[FILTERED]').
+          gsub(%r((\"cryptogram\\\":\\\")\w+), '\1[FILTERED]').
+          gsub(%r((\"token\\\":\\\")\d+), '\1[FILTERED]')
       end
 
       private

diff --git a/test/remote/gateways/remote_decidir_test.rb b/test/remote/gateways/remote_decidir_test.rb
@@ -360,4 +360,14 @@ def test_transcript_scrubbing
     assert_scrubbed(@credit_card.verification_value, transcript)
     assert_scrubbed(@gateway_for_purchase.options[:api_key], transcript)
   end
+
+  def test_transcript_scrubbing_network_token
+    transcript = capture_transcript(@gateway_for_purchase) do
+      @gateway_for_purchase.purchase(@amount, @network_token, @options)
+    end
+    transcript = @gateway_for_purchase.scrub(transcript)
+
+    assert_scrubbed(@network_token.payment_cryptogram, transcript)
+    assert_scrubbed(@network_token.number, transcript)
+  end
 end