davidmarkclements / fast-redact

very fast object redaction
MIT License

Multi-level wildcards redact things that should not be redacted #62

Open nagy135 opened 1 year ago

nagy135 commented 1 year ago

Hello, I wrote a test that shows what I mean. Basically, if you provide a deep enough sequence of wildcards, then all it needs is a matching last key in the object and it's redacted, even though in the paths you also require "the one before it" to match.

test("Test with multiple levels of wildcards", ({ end, is }) => {
  const censor = "censored";
  const value = "value";

  const paths = [
    "a.x",
    "a.y",
    "*.a.x",
    "*.a.y",

    // These break it
    "*.*.a.x",
    "*.*.a.y",

    // These won't do it
    // "*.*.a.x2",
    // "*.*.a.y2"
  ];

  const redact = fastRedact({ paths, censor, serialize: false });
  const o = {
    a: {
      x: value,
      y: value,
    },
    b: {
      x: value,
      y: value,
    },
  };

  redact(o);
  is(o.a.x, censor);
  is(o.a.y, censor);
  is(o.b.x, value);
  is(o.b.y, value);
  redact.restore(o);
  is(o.a.x, value);
  is(o.a.y, value);
  is(o.b.x, value);
  is(o.b.y, value);
  end();
});

BennoDev commented 9 months ago

Same issue here, we want to redact PII from potentially deeply nested objects - data structures defined by API responses / external libraries - for example, *.*.*.*.*.team.name results in redacting all name properties.

This, tied with the fact that deep wildcard redaction doesn't work, makes it very hard to use the library now.
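
One way to audit a redaction result for the over-matching reported in this thread, as an added example that is not part of the thread and not fast-redact's code: it applies a strict reading of wildcard paths (each `*` matches exactly one key) and lists leaves that were censored without matching any path. The helper names `pathMatches`, `leafPaths` and `auditRedaction` are hypothetical, and the sample `after` object is constructed rather than captured library output.

```javascript
'use strict';
// Added example with hypothetical helper names; not fast-redact's code or API.
// Assumes plain dot-separated paths (no bracket syntax) that target leaf values.

// '*' matches exactly one key; every segment and the total depth must match.
function pathMatches(pattern, path) {
  const want = pattern.split('.');
  return want.length === path.length &&
    want.every((seg, i) => seg === '*' || seg === path[i]);
}

// Key paths (as arrays) of every non-object value in obj.
function leafPaths(obj, prefix = []) {
  return Object.entries(obj).flatMap(([k, v]) =>
    v !== null && typeof v === 'object'
      ? leafPaths(v, [...prefix, k])
      : [[...prefix, k]]);
}

// Compare an object before and after redaction against the strict reading:
// `over` = censored but matched by no pattern, `under` = matched but untouched.
function auditRedaction(before, after, patterns, censor) {
  const get = (o, p) => p.reduce((acc, k) => (acc == null ? acc : acc[k]), o);
  const over = [];
  const under = [];
  for (const p of leafPaths(before)) {
    const expected = patterns.some((pat) => pathMatches(pat, p));
    const censored = get(after, p) === censor && get(before, p) !== censor;
    if (censored && !expected) over.push(p.join('.'));
    if (!censored && expected) under.push(p.join('.'));
  }
  return { over, under };
}

// Constructed sample: the object and paths from the test above, plus an
// `after` in which b.x and b.y were censored too (not captured library output).
const samplePaths = ['a.x', 'a.y', '*.a.x', '*.a.y', '*.*.a.x', '*.*.a.y'];
const sampleBefore = { a: { x: 'value', y: 'value' }, b: { x: 'value', y: 'value' } };
const sampleAfter = {
  a: { x: 'censored', y: 'censored' },
  b: { x: 'censored', y: 'censored' },
};

console.log(auditRedaction(sampleBefore, sampleAfter, samplePaths, 'censored'));
```

Running the same audit over a deep copy taken before redaction and the object a redaction library returns gives a regression check for a path list before it is used on logs that carry PII.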