hannes/git-repo-manager
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make sure we do not expose secrets in output

Browse Source 
This is using the RFC-8959 URI scheme to detect secrets. Thanks
hackernews for the idea ;)
This commit is contained in:
Hannes Körber
2022-05-27 23:37:54 +02:00
parent 90d188e01e
commit a71711978e
4 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
e2e_tests/docker-rest/flask/github.py
View File

@@ -12,7 +12,7 @@ def check_headers():
app.logger.error("Invalid accept header") app.logger.error("Invalid accept header")
abort(500) abort(500)
auth_header = request.headers.get("authorization") auth_header = request.headers.get("authorization")
if auth_header != "token authtoken": if auth_header != "token secret-token:myauthtoken":
app.logger.error("Invalid authorization header: %s", auth_header) app.logger.error("Invalid authorization header: %s", auth_header)
abort( abort(
make_response( make_response(

2
e2e_tests/docker-rest/flask/gitlab.py
View File

@@ -12,7 +12,7 @@ def check_headers():
app.logger.error("Invalid accept header") app.logger.error("Invalid accept header")
abort(500) abort(500)
auth_header = request.headers.get("authorization") auth_header = request.headers.get("authorization")
if auth_header != "bearer authtoken": if auth_header != "bearer secret-token:myauthtoken":
app.logger.error("Invalid authorization header: %s", auth_header) app.logger.error("Invalid authorization header: %s", auth_header)
abort( abort(
make_response( make_response(

2
e2e_tests/helpers.py
View File

@@ -18,6 +18,8 @@ def grm(args, cwd=None, is_invalid=False):
print(f"grmcmd: {args}") print(f"grmcmd: {args}")
print(f"stdout:\n{cmd.stdout}") print(f"stdout:\n{cmd.stdout}")
print(f"stderr:\n{cmd.stderr}") print(f"stderr:\n{cmd.stderr}")
assert "secret-token:" not in cmd.stdout
assert "secret-token:" not in cmd.stderr
assert "panicked" not in cmd.stderr assert "panicked" not in cmd.stderr
return cmd return cmd

28
e2e_tests/test_repos_find_remote.py
View File

@@ -141,7 +141,7 @@ def test_repos_find_remote_no_filter(provider, configtype, default, use_config):
f.write( f.write(
f""" f"""
provider = "{provider}" provider = "{provider}"
token_command = "echo authtoken" token_command = "echo secret-token:myauthtoken"
root = "/myroot" root = "/myroot"
""" """
) )
@@ -157,7 +157,7 @@ def test_repos_find_remote_no_filter(provider, configtype, default, use_config):
"--provider", "--provider",
provider, provider,
"--token-command", "--token-command",
"echo authtoken", "echo secret-token:myauthtoken",
"--root", "--root",
"/myroot", "/myroot",
] ]
@@ -193,7 +193,7 @@ def test_repos_find_remote_user_empty(
with open(config.name, "w") as f: with open(config.name, "w") as f:
cfg = f""" cfg = f"""
provider = "{provider}" provider = "{provider}"
token_command = "echo authtoken" token_command = "echo secret-token:myauthtoken"
root = "/myroot" root = "/myroot"
[filters] [filters]
@@ -213,7 +213,7 @@ def test_repos_find_remote_user_empty(
"--provider", "--provider",
provider, provider,
"--token-command", "--token-command",
"echo authtoken", "echo secret-token:myauthtoken",
"--root", "--root",
"/myroot", "/myroot",
"--user", "--user",
@@ -264,7 +264,7 @@ def test_repos_find_remote_user(
with open(config.name, "w") as f: with open(config.name, "w") as f:
cfg = f""" cfg = f"""
provider = "{provider}" provider = "{provider}"
token_command = "echo authtoken" token_command = "echo secret-token:myauthtoken"
root = "/myroot" root = "/myroot"
""" """
@@ -300,7 +300,7 @@ def test_repos_find_remote_user(
"--provider", "--provider",
provider, provider,
"--token-command", "--token-command",
"echo authtoken", "echo secret-token:myauthtoken",
"--root", "--root",
"/myroot", "/myroot",
] ]
@@ -378,7 +378,7 @@ def test_repos_find_remote_group_empty(
with open(config.name, "w") as f: with open(config.name, "w") as f:
cfg = f""" cfg = f"""
provider = "{provider}" provider = "{provider}"
token_command = "echo authtoken" token_command = "echo secret-token:myauthtoken"
root = "/myroot" root = "/myroot"
""" """
@@ -403,7 +403,7 @@ def test_repos_find_remote_group_empty(
"--provider", "--provider",
provider, provider,
"--token-command", "--token-command",
"echo authtoken", "echo secret-token:myauthtoken",
"--root", "--root",
"/myroot", "/myroot",
"--group", "--group",
@@ -459,7 +459,7 @@ def test_repos_find_remote_group(
with open(config.name, "w") as f: with open(config.name, "w") as f:
cfg = f""" cfg = f"""
provider = "{provider}" provider = "{provider}"
token_command = "echo authtoken" token_command = "echo secret-token:myauthtoken"
root = "/myroot" root = "/myroot"
""" """
@@ -488,7 +488,7 @@ def test_repos_find_remote_group(
"--provider", "--provider",
provider, provider,
"--token-command", "--token-command",
"echo authtoken", "echo secret-token:myauthtoken",
"--root", "--root",
"/myroot", "/myroot",
"--group", "--group",
@@ -575,7 +575,7 @@ def test_repos_find_remote_user_and_group(
with open(config.name, "w") as f: with open(config.name, "w") as f:
cfg = f""" cfg = f"""
provider = "{provider}" provider = "{provider}"
token_command = "echo authtoken" token_command = "echo secret-token:myauthtoken"
root = "/myroot" root = "/myroot"
""" """
@@ -609,7 +609,7 @@ def test_repos_find_remote_user_and_group(
"--provider", "--provider",
provider, provider,
"--token-command", "--token-command",
"echo authtoken", "echo secret-token:myauthtoken",
"--root", "--root",
"/myroot", "/myroot",
"--group", "--group",
@@ -726,7 +726,7 @@ def test_repos_find_remote_owner(
with open(config.name, "w") as f: with open(config.name, "w") as f:
cfg = f""" cfg = f"""
provider = "{provider}" provider = "{provider}"
token_command = "echo authtoken" token_command = "echo secret-token:myauthtoken"
root = "/myroot" root = "/myroot"
""" """
@@ -761,7 +761,7 @@ def test_repos_find_remote_owner(
"--provider", "--provider",
provider, provider,
"--token-command", "--token-command",
"echo authtoken", "echo secret-token:myauthtoken",
"--root", "--root",
"/myroot", "/myroot",
"--access", "--access",