Unverified Commit 90e5182b authored by Rhys Arkins's avatar Rhys Arkins Committed by GitHub

refactor: split global/repo sanitizations (#14635)

parent 010b8d81
...@@ -142,7 +142,7 @@ export function getStorageExtraCloneOpts(config: HostRule): GitOptions { ...@@ -142,7 +142,7 @@ export function getStorageExtraCloneOpts(config: HostRule): GitOptions {
authType = 'bearer'; authType = 'bearer';
authValue = config.token; authValue = config.token;
} }
addSecretForSanitizing(authValue); addSecretForSanitizing(authValue, 'global');
return { return {
'-c': `http.extraheader=AUTHORIZATION: ${authType} ${authValue}`, '-c': `http.extraheader=AUTHORIZATION: ${authType} ${authValue}`,
}; };
......
...@@ -19,7 +19,7 @@ describe('util/sanitize', () => { ...@@ -19,7 +19,7 @@ describe('util/sanitize', () => {
const token = '123testtoken'; const token = '123testtoken';
const username = 'userabc'; const username = 'userabc';
const password = 'password123'; const password = 'password123';
addSecretForSanitizing(token); addSecretForSanitizing(token, 'global');
const hashed = toBase64(`${username}:${password}`); const hashed = toBase64(`${username}:${password}`);
addSecretForSanitizing(hashed); addSecretForSanitizing(hashed);
addSecretForSanitizing(password); addSecretForSanitizing(password);
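Review bot: Nothing visible in this test distinguishes the two secret sets: `token` is now registered as `'global'` while `hashed` and `password` stay in the default repo scope, but the assertions that follow are outside the hunk, so it is unclear whether the split is exercised. A case that calls `clearSanitizedSecretsList()` and then checks that `sanitize` still redacts `token` but no longer redacts `password` would pin the behaviour this refactor introduces. If the suite's cleanup relies only on the default clear, `token` would presumably remain in the global set for later tests; adding `clearSanitizedSecretsList('global')` to the teardown would avoid that.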
......
import is from '@sindresorhus/is'; import is from '@sindresorhus/is';
import { toBase64 } from './string'; import { toBase64 } from './string';
const secrets = new Set<string>(); const globalSecrets = new Set<string>();
const repoSecrets = new Set<string>();
export const redactedFields = [ export const redactedFields = [
'authorization', 'authorization',
...@@ -21,20 +22,23 @@ export function sanitize(input: string): string { ...@@ -21,20 +22,23 @@ export function sanitize(input: string): string {
return input; return input;
} }
let output: string = input; let output: string = input;
secrets.forEach((secret) => { [globalSecrets, repoSecrets].forEach((secrets) => {
while (output.includes(secret)) { secrets.forEach((secret) => {
output = output.replace(secret, '**redacted**'); while (output.includes(secret)) {
} output = output.replace(secret, '**redacted**');
}
});
}); });
return output; return output;
} }
const GITHUB_APP_TOKEN_PREFIX = 'x-access-token:'; const GITHUB_APP_TOKEN_PREFIX = 'x-access-token:';
export function addSecretForSanitizing(secret: string): void { export function addSecretForSanitizing(secret: string, type = 'repo'): void {
if (!is.nonEmptyString(secret)) { if (!is.nonEmptyString(secret)) {
return; return;
} }
const secrets = type === 'repo' ? repoSecrets : globalSecrets;
secrets.add(secret); secrets.add(secret);
secrets.add(toBase64(secret)); secrets.add(toBase64(secret));
if (secret.startsWith(GITHUB_APP_TOKEN_PREFIX)) { if (secret.startsWith(GITHUB_APP_TOKEN_PREFIX)) {
...@@ -44,6 +48,7 @@ export function addSecretForSanitizing(secret: string): void { ...@@ -44,6 +48,7 @@ export function addSecretForSanitizing(secret: string): void {
} }
} }
export function clearSanitizedSecretsList(): void { export function clearSanitizedSecretsList(type = 'repo'): void {
const secrets = type === 'repo' ? repoSecrets : globalSecrets;
secrets.clear(); secrets.clear();
} }
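Review bot: The new `type` parameter on `addSecretForSanitizing` and `clearSanitizedSecretsList` is inferred as a plain `string`, and both functions treat every value other than `'repo'` as global. A misspelled argument therefore compiles and, in `clearSanitizedSecretsList`, empties `globalSecrets`, after which those tokens would no longer be replaced by `sanitize`. Narrowing the parameter lets the compiler reject that: `type: 'global' | 'repo' = 'repo'` on both signatures. A one-line TSDoc comment on each function stating that global secrets survive the default clear would also help callers pick the right scope.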