fix: escape uri encoded symbols (#1697)

2020-11-19 22:55:09 +03:00 · 2020-11-19 22:55:09 +03:00 · f8f8fbcac4
commit f8f8fbcac4
parent c8d38b6258
2 changed files with 9 additions and 1 deletions
--- a/lib/hide-sensitive.js
+++ b/lib/hide-sensitive.js
@ -12,7 +12,7 @@ module.exports = (env) => {
  });

  const regexp = new RegExp(
-    toReplace.map((envVar) => `${escapeRegExp(env[envVar])}|${encodeURI(escapeRegExp(env[envVar]))}`).join('|'),
+    toReplace.map((envVar) => `${escapeRegExp(env[envVar])}|${escapeRegExp(encodeURI(env[envVar]))}`).join('|'),
    'g'
  );
  return (output) =>
--- a/test/hide-sensitive.test.js
+++ b/test/hide-sensitive.test.js
@ -40,6 +40,14 @@ test('Escape regexp special characters', (t) => {
  );
 });

+test('Escape regexp special characters in url-encoded environment variable', (t) => {
+  const env = {SOME_PASSWORD: 'secret password p$^{.+}\\w[a-z]o.*rd)('};
+  t.is(
+    hideSensitive(env)(`https://user:${encodeURI(env.SOME_PASSWORD)}@host.com`),
+    `https://user:${SECRET_REPLACEMENT}@host.com`
+  );
+});
+
 test('Accept "undefined" input', (t) => {
  t.is(hideSensitive({})(), undefined);
 });