From 3db50376aa4e0fbf5c9d206cb955c6f660c7779a Mon Sep 17 00:00:00 2001
From: Markus Wolf
Date: Sat, 15 May 2021 23:11:16 +0200
Subject: [PATCH] fix: hide masked value (#668)
* fix: hide masked value
The ::add-mask:: command output logs the value to be masked. This does expose critical information which should be hidden from the output.
* Add test to not output secret in add-mask command
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
---
 pkg/runner/command.go | 2 +-
 pkg/runner/command_test.go | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/pkg/runner/command.go b/pkg/runner/command.go
index b7ba0d3..48166d2 100755
--- a/pkg/runner/command.go
+++ b/pkg/runner/command.go
@@ -54,7 +54,7 @@ func (rc *RunContext) commandHandler(ctx context.Context) common.LineHandler {
 case "error":
 logger.Infof(" \U00002757 %s", line)
 case "add-mask":
- logger.Infof(" \U00002699 %s", line)
+ logger.Infof(" \U00002699 %s", "***")
 case "stop-commands":
 resumeCommand = arg
 logger.Infof(" \U00002699 %s", line)
diff --git a/pkg/runner/command_test.go b/pkg/runner/command_test.go
index 0d66ded..eb80e46 100644
--- a/pkg/runner/command_test.go
+++ b/pkg/runner/command_test.go
@@ -4,6 +4,8 @@ import (
 "context"
 "testing"
+ "github.com/nektos/act/pkg/common"
+ "github.com/sirupsen/logrus/hooks/test"
 "github.com/stretchr/testify/assert"
 )
@@ -88,3 +90,17 @@ func TestAddpathADO(t *testing.T) {
 handler("##[add-path]/boo\n")
 a.Equal("/boo", rc.ExtraPath[1])
 }
+
+func TestAddmask(t *testing.T) {
+ logger, hook := test.NewNullLogger()
+
+ a := assert.New(t)
+ ctx := context.Background()
+ loggerCtx := common.WithLogger(ctx, logger)
+
+ rc := new(RunContext)
+ handler := rc.commandHandler(loggerCtx)
+ handler("::add-mask::my-secret-value\n")
+
+ a.NotEqual(" \U00002699 *my-secret-value", hook.LastEntry().Message)
+}
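Review bot: In the `add-mask` case of commandHandler the secret is only kept out of this one log line; nothing in the hunk records `arg`, so later step output containing the same value would, as far as these lines show, still be logged in clear. The branch should also hand `arg` to whatever redaction the log path applies (none is visible here) and carry a comment such as `// never log line or arg here: the argument is the secret being masked`. It is also worth confirming that the raw `line` is not emitted earlier at debug level, since commandHandler's body starts and ends outside the hunk.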
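Review bot: The assertion in TestAddmask compares the whole log message with one exact string, so it passes for any other message that still contains the secret; given the stray `*` in the expected string, it probably passed before the fix as well. Assert on the secret itself with `a.NotContains(hook.LastEntry().Message, "my-secret-value")`, ideally looped over `hook.AllEntries()` so an earlier entry cannot leak it either. `hook.LastEntry()` returns nil when nothing was logged, so an `a.NotNil(hook.LastEntry())` guard before the dereference would turn a panic into a readable failure.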