simon/semantic-release
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: also hide sensitive info when loggin from cli.js

Browse Source
This commit is contained in:
Pierre Vanduynslager 2018-07-30 13:58:35 -04:00
parent b2d82c2ccb
commit 43d0646150
3 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cli.js
View File

@ -1,4 +1,6 @@
const {argv} = require('process'); const {argv, env, stderr} = require('process');
const util = require('util');
const hideSensitive = require('./lib/hide-sensitive');
const stringList = { const stringList = {
type: 'string', type: 'string',
@ -57,7 +59,7 @@ Usage:
return 0; return 0;
} catch (err) { } catch (err) {
if (err.name !== 'YError') { if (err.name !== 'YError') {
console.error(err); stderr.write(hideSensitive(env)(util.inspect(err, {colors: true})));
} }
return 1; return 1;
} }

4
lib/hide-sensitive.js
View File

@ -7,7 +7,5 @@ module.exports = env => {
); );
const regexp = new RegExp(toReplace.map(envVar => escapeRegExp(env[envVar])).join('|'), 'g'); const regexp = new RegExp(toReplace.map(envVar => escapeRegExp(env[envVar])).join('|'), 'g');
return output => { return output => (output && toReplace.length > 0 ? output.toString().replace(regexp, SECRET_REPLACEMENT) : output);
return output && toReplace.length > 0 ? output.toString().replace(regexp, SECRET_REPLACEMENT) : output;
};
}; };

14
test/cli.test.js
View File

@ -1,6 +1,8 @@
import test from 'ava'; import test from 'ava';
import {escapeRegExp} from 'lodash';
import proxyquire from 'proxyquire'; import proxyquire from 'proxyquire';
import {stub} from 'sinon'; import {stub} from 'sinon';
import {SECRET_REPLACEMENT} from '../lib/definitions/constants';
const requireNoCache = proxyquire.noPreserveCache(); const requireNoCache = proxyquire.noPreserveCache();
@ -208,3 +210,15 @@ test.serial('Return error code if semantic-release throw error', async t => {
t.regex(t.context.errors, /semantic-release error/); t.regex(t.context.errors, /semantic-release error/);
t.is(exitCode, 1); t.is(exitCode, 1);
}); });
test.serial('Hide sensitive environment variable values from the logs', async t => {
const env = {MY_TOKEN: 'secret token'};
const run = stub().rejects(new Error(`Throw error: Exposing token ${env.MY_TOKEN}`));
const argv = ['', ''];
const cli = requireNoCache('../cli', {'.': run, process: {...process, argv, env: {...process.env, ...env}}});
const exitCode = await cli();
t.regex(t.context.errors, new RegExp(`Throw error: Exposing token ${escapeRegExp(SECRET_REPLACEMENT)}`));
t.is(exitCode, 1);
});