/** * Redacts the values of Azure Shared Access Signature (SAS) query parameters in any * URL embedded in a telemetry payload, so customer-supplied SAS URLs (e.g. blob asset * URLs in widget customization props) cannot leak credentials through Aria/AppInsights. * * Trigger: any URL whose query string contains `sig=`. When detected, every well-known * SAS parameter value in that query is replaced with `[REDACTED]`. Other URLs and other * substrings of the payload pass through unchanged. * * Coverage of SAS parameter names: * - Service/Blob SAS: sig, sv, se, st, sp, spr, sr, sip * - Account SAS: ss, srt * - User-delegation key SAS: skoid, sktid, skt, ske, sks, skv, saoid, suoid, sce, sdd * - Response header overrides: rscc, rscd, rsce, rscl, rsct * * Reference: https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas */ /** * Deep-walk a value and redact SAS credentials in any string it contains. * Returns a new object/array (originals are not mutated); non-string leaves are * passed through. Tree-shaped, JSON-like values only — not designed for class * instances, prototype-bound objects, or cyclic graphs. */ export declare const sanitizeSasInPayload: (value: T) => T;