TypeError: Cannot read properties of undefined (reading 'map') when using replace sanitization and all cookies #8

Open
alexkli opened this issue Dec 15, 2023 · 4 comments

alexkli commented Dec 15, 2023

On my first try of harmor, I used a larger har file generated by Firefox but ran into an error when it started to process:

> npx harmor all.har 

  
██╗  ██╗  █████╗  ██████╗  ███╗   ███╗  ██████╗  ██████╗ 
██║  ██║ ██╔══██╗ ██╔══██╗ ████╗ ████║ ██╔═══██╗ ██╔══██╗
███████║ ███████║ ██████╔╝ ██╔████╔██║ ██║   ██║ ██████╔╝
██╔══██║ ██╔══██║ ██╔══██╗ ██║╚██╔╝██║ ██║   ██║ ██╔══██╗
██║  ██║ ██║  ██║ ██║  ██║ ██║ ╚═╝ ██║ ╚██████╔╝ ██║  ██║
╚═╝  ╚═╝ ╚═╝  ╚═╝ ╚═╝  ╚═╝ ╚═╝     ╚═╝  ╚═════╝  ╚═╝  ╚═╝


✔ How do you want to sanitize values? › by replace with '_harmored_'
✔ Do you want to sanitize all JWT by regex? - algorithm and signature will be sanitized … yes

✔ Which cookies do you want to sanitize? - press enter to submit
   › All cookies

✔ Which headers do you want to sanitize? - press enter to submit
   › Skip headers sanitization

✔ Which query parameter do you want to sanitize? - press enter to submit
   › Skip query sanitization

✔ Which url pathname do you want to full sanitize? - press enter to submit
   › Skip full sanitization by url

✔ Which body json keys do you want to sanitize? - press enter to submit
   › refreshToken
✔  › accessToken
✔  › refresh_token
✔  › access_token
✔  › client_secret
✔  › password
✔  › token
✔  › Done

✔ Do you want to add default security "Headers" ? › authorization, x-frontegg-, client-id, tenant-id, x-client-data
✔ Do you want to add default security "Query Params" ? › code, SAMLRequest, SAMLResponse, token, code_challenge, code_verifier
✔ Do you want to add default security "Content Restricted Keys" ? › code_challenge, client_id, code, code_challenge, code_verifier, id_token
✔ Do you want to save this template for future use? … no
TypeError: Cannot read properties of undefined (reading 'map')
    at armorFn (/Users/alex/.npm/_npx/1a5a48475a48d377/node_modules/harmor/src/Harmor/builder.js:166:26)
    at /Users/alex/.npm/_npx/1a5a48475a48d377/node_modules/harmor/src/Harmor/harmor.js:55:46
    at Array.map (<anonymous>)
    at Harmor.sanitize (/Users/alex/.npm/_npx/1a5a48475a48d377/node_modules/harmor/src/Harmor/harmor.js:43:47)
    at /Users/alex/.npm/_npx/1a5a48475a48d377/node_modules/harmor/src/index.js:139:31
    at Generator.next (<anonymous>)
    at fulfilled (/Users/alex/.npm/_npx/1a5a48475a48d377/node_modules/tslib/tslib.js:166:62)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

alexkli commented Dec 15, 2023

If I choose encryption instead of replacement, it works.

alexkli changed the title from "TypeError: Cannot read properties of undefined (reading 'map')" to "TypeError: Cannot read properties of undefined (reading 'map') when using replace sanitization" on Dec 15, 2023

alexkli commented Dec 15, 2023

Attached is a simple file to reproduce with. From Safari. Single google.com request only, from an incognito window.
Happens when selecting:

  • sanitize: replace
  • sanitize ALL cookies
  • rest all on default setting
  • not saving as template

www.google.com.har.json

alexkli changed the title from "TypeError: Cannot read properties of undefined (reading 'map') when using replace sanitization" to "TypeError: Cannot read properties of undefined (reading 'map') when using replace sanitization and all cookies" on Dec 15, 2023

amirjaron (Contributor) commented

Hi @alexkli
I wasn't able to reproduce your issue with the above sample file.
Is it still occurring for you?

➜   npx harmor ../TypeError\ issue.har


██╗  ██╗  █████╗  ██████╗  ███╗   ███╗  ██████╗  ██████╗
██║  ██║ ██╔══██╗ ██╔══██╗ ████╗ ████║ ██╔═══██╗ ██╔══██╗
███████║ ███████║ ██████╔╝ ██╔████╔██║ ██║   ██║ ██████╔╝
██╔══██║ ██╔══██║ ██╔══██╗ ██║╚██╔╝██║ ██║   ██║ ██╔══██╗
██║  ██║ ██║  ██║ ██║  ██║ ██║ ╚═╝ ██║ ╚██████╔╝ ██║  ██║
╚═╝  ╚═╝ ╚═╝  ╚═╝ ╚═╝  ╚═╝ ╚═╝     ╚═╝  ╚═════╝  ╚═╝  ╚═╝


✔ How do you want to sanitize values? › by replace with '_harmored_'
✔ Do you want to sanitize all JWT by regex? - algorithm and signature will be sanitized … yes

✔ Which cookies do you want to sanitize? - press enter to submit
   › Skip cookies sanitization

✔ Which headers do you want to sanitize? - press enter to submit
   › Skip headers sanitization

✔ Which query parameter do you want to sanitize? - press enter to submit
   › Skip query sanitization

✔ Which url pathname do you want to full sanitize? - press enter to submit
   › Skip full sanitization by url

✔ Which body json keys do you want to sanitize? - press enter to submit
   › accessToken
✔  › access_token
✔  › refresh_token
✔  › client_secret
✔  › password
✔  › token
✔  › Done

✔ Do you want to add default security "Cookies" ? › fe_session, fe_refresh_, fe_device_, fe_webauthn_, sessionid, JSESSIONID, PHPSESSID, csrftoken, auth_token
✔ Do you want to add default security "Headers" ? › authorization, x-frontegg-, client-id, tenant-id, x-client-data
✔ Do you want to add default security "Query Params" ? › code, SAMLRequest, SAMLResponse, token, code_challenge, code_verifier
✔ Do you want to add default security "Content Restricted Keys" ? › refreshToken, code_challenge, client_id, code, code_challenge, code_verifier, id_token
✔ Do you want to save this template for future use? … no


🛡 HAR been armored:   ../TypeError issue.harmor.har


alexkli commented Mar 1, 2024

@amirjaron It seems you selected "Skip cookies sanitization" but I set sanitize "All cookies" and then this error still happens. Used npx harmor so I assume it used the latest released version.
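
Added example, not harmor's code and not written by anyone in this thread: a stand-alone Node.js sketch of the "replace all cookies" step described in the report, which can be used to redact a HAR by hand. The function names and the sample HAR are constructed, and the guard for missing `cookies`/`headers` arrays is an assumption about input shape, not a confirmed cause of the error above.

```javascript
// Added example (not harmor's code): replace every cookie value in a HAR.
const PLACEHOLDER = '_harmored_'; // replacement string from the prompt in this thread

// Rewrite "name=value" to "name=_harmored_", leaving a bare token untouched.
function redactPair(pair) {
  const eq = pair.indexOf('=');
  return eq === -1 ? pair : `${pair.slice(0, eq)}=${PLACEHOLDER}`;
}

// Cookie values also live in the raw Cookie / Set-Cookie headers, so redact them there too.
function redactCookieHeader(name, value) {
  if (typeof value !== 'string') return value;
  const lower = String(name).toLowerCase();
  if (lower === 'cookie') return value.split(';').map(redactPair).join(';');
  if (lower === 'set-cookie') {
    // Only the first segment holds the value; Path, Secure, etc. are kept.
    const [first, ...attrs] = value.split(';');
    return [redactPair(first), ...attrs].join(';');
  }
  return value;
}

function sanitizeMessage(msg) {
  if (!msg) return msg; // entry with no request or response object
  // Assumption: an export may omit these arrays, so default to [] before .map().
  const cookies = (msg.cookies ?? []).map((c) => ({ ...c, value: PLACEHOLDER }));
  const headers = (msg.headers ?? []).map((h) => ({
    ...h, value: redactCookieHeader(h.name, h.value),
  }));
  return { ...msg, cookies, headers };
}

function sanitizeAllCookies(har) {
  const entries = (har.log?.entries ?? []).map((e) => ({
    ...e, request: sanitizeMessage(e.request), response: sanitizeMessage(e.response),
  }));
  return { ...har, log: { ...har.log, entries } };
}

// Constructed sample: the response has no "cookies" array at all.
const SAMPLE_HAR = { log: { entries: [{
  request: {
    cookies: [{ name: 'sessionid', value: 'abc123' }],
    headers: [{ name: 'Cookie', value: 'sessionid=abc123; theme=dark' }],
  },
  response: { headers: [{ name: 'Set-Cookie', value: 'csrftoken=xyz; Path=/; Secure' }] },
}] } };

console.log(JSON.stringify(sanitizeAllCookies(SAMPLE_HAR), null, 2));
```

After redacting, searching the output file for a known cookie value from the capture is a quick check that none survived in headers or bodies.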
