simon/semantic-release
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: mask secrets when characters get uri encoded

Browse Source
This commit is contained in:
Matt Travi 2020-11-07 00:19:32 -06:00 committed by Matt Travi
parent 63fa143023
commit ca90b34c4a
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/hide-sensitive.js
View File

@ -11,7 +11,12 @@ module.exports = (env) => {
return /token|password|credential|secret|private/i.test(envVar) && size(env[envVar].trim()) >= SECRET_MIN_SIZE;
});
const regexp = new RegExp(toReplace.map((envVar) => escapeRegExp(env[envVar])).join('|'), 'g');
const regexp = new RegExp(
toReplace
.map((envVar) => `${escapeRegExp(env[envVar])}|${encodeURI(escapeRegExp(env[envVar]))}`)
.join('|'),
'g'
);
return (output) =>
output && isString(output) && toReplace.length > 0 ? output.toString().replace(regexp, SECRET_REPLACEMENT) : output;
};

8
test/hide-sensitive.test.js
View File

@ -24,6 +24,14 @@ test('Replace sensitive environment variable matching specific regex for "privat
t.is(hideSensitive(env)(`https://host.com?token=${env.privateKey}`), `https://host.com?token=${SECRET_REPLACEMENT}`);
});
test('Replace url-encoded environment variable', (t) => {
const env = {privateKey: 'secret '};
t.is(
hideSensitive(env)(`https://host.com?token=${encodeURI(env.privateKey)}`),
`https://host.com?token=${SECRET_REPLACEMENT}`
);
});
test('Escape regexp special characters', (t) => {
const env = {SOME_CREDENTIALS: 'p$^{.+}\\w[a-z]o.*rd'};
t.is(