simon/semantic-release
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: exclude empty env var value from replacement

Browse Source
This commit is contained in:
Pierre Vanduynslager 2018-02-18 17:15:15 -05:00
parent 857d4180e9
commit 20246c02b1
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/hide-sensitive.js
View File

@ -1,6 +1,9 @@
const {escapeRegExp} = require('lodash'); const {escapeRegExp} = require('lodash');
const toReplace = Object.keys(process.env).filter(envVar => /token|password|credential|secret|private/i.test(envVar)); const toReplace = Object.keys(process.env).filter(
envVar => /token|password|credential|secret|private/i.test(envVar) && process.env[envVar].trim()
);
const regexp = new RegExp(toReplace.map(envVar => escapeRegExp(process.env[envVar])).join('|'), 'g'); const regexp = new RegExp(toReplace.map(envVar => escapeRegExp(process.env[envVar])).join('|'), 'g');
module.exports = output => { module.exports = output => {

15
test/hide-sensitive.test.js
View File

@ -40,3 +40,18 @@ test.serial('Accept "undefined" input', t => {
test.serial('Return same string if no environment variable has to be replaced', t => { test.serial('Return same string if no environment variable has to be replaced', t => {
t.is(require('../lib/hide-sensitive')('test'), 'test'); t.is(require('../lib/hide-sensitive')('test'), 'test');
}); });
test.serial('Exclude empty environment variables from the regexp', t => {
process.env.SOME_PASSWORD = 'password';
process.env.SOME_TOKEN = '';
t.is(
require('../lib/hide-sensitive')(`https://user:${process.env.SOME_PASSWORD}@host.com?token=`),
'https://user:[secure]@host.com?token='
);
});
test.serial('Exclude empty environment variables from the regexp if there is only empty ones', t => {
process.env.SOME_PASSWORD = '';
process.env.SOME_TOKEN = ' \n ';
t.is(require('../lib/hide-sensitive')(`https://host.com?token=`), 'https://host.com?token=');
});