Encrypt errors before raising them

These errors will bleed out of the IRB realms and they can reveal encrypted information. Fixes ##98
basecamp · Sep 24, 2023 · 0498b35 · 0498b35
1 parent d35ac2b
commit 0498b35
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/lib/console1984/command_executor.rb b/lib/console1984/command_executor.rb
@@ -29,6 +29,8 @@ def execute(commands, &block)
     # We detected that a forbidden command was executed. We exit IRB right away.
     flag_suspicious(commands, error: error)
     Console1984.supervisor.exit_irb
+  rescue => error
+    raise encrypting_error(error)
   ensure
     run_as_system { session_logger.after_executing commands }
   end
@@ -97,4 +99,16 @@ def run_command(run_by_user, &block)
     ensure
       @executing_user_command = original_value
     end
+
+    def encrypting_error(error)
+      def error.inspect
+        Console1984.command_executor.execute_in_protected_mode { super }
+      end
+
+      def error.to_s
+        Console1984.command_executor.execute_in_protected_mode { super }
+      end
+
+      error
+    end
 end
diff --git a/test/encryption_test.rb b/test/encryption_test.rb
@@ -72,6 +72,22 @@ class EncryptionTest < ActiveSupport::TestCase
     assert_equal "Other name", @person.reload.name
   end
 
+  test "does not reveal attributes when raising errors" do
+    error = nil
+
+    begin
+      @console.execute <<~RUBY
+        Person.find(#{@person.id}).method_that_does_not_exist
+      RUBY
+    rescue => e
+      error = e
+    end
+
+    assert_not_nil error
+    assert_not_includes error.inspect.remove(@person.email), @person.name
+    assert_not_includes error.to_s.remove(@person.email), @person.name
+  end
+
   private
     def execute_decrypt_and_enter_reason
       type_when_prompted "I need to fix encoding issue with Message 123456" do