Skip to content

feat: scrub secrets containing whitespace#4772

Merged
dolanor merged 9 commits into
dagger:mainfrom
dolanor:secret-whitespace-scrub
Mar 29, 2023
Merged

feat: scrub secrets containing whitespace#4772
dolanor merged 9 commits into
dagger:mainfrom
dolanor:secret-whitespace-scrub

Conversation

@dolanor
Copy link
Copy Markdown
Contributor

@dolanor dolanor commented Mar 16, 2023
edited
Loading

The implementation is simple.

It leaks some meta information: the number of lines contained in the secret. Each line of secret data will be replaced by ***.

@dolanor dolanor marked this pull request as draft March 16, 2023 10:22
@dolanor dolanor force-pushed the secret-whitespace-scrub branch from da3ed1a to 2289128 Compare March 16, 2023 15:46
@dolanor dolanor linked an issue Mar 21, 2023 that may be closed by this pull request
🐞 secrets with whitespace are not scrubbed (yet) #4608
Closed
@dolanor dolanor force-pushed the secret-whitespace-scrub branch 2 times, most recently from 7881422 to 9425b4f Compare March 27, 2023 13:39
@dolanor dolanor requested review from jlongtine and vito March 27, 2023 13:39
@dolanor dolanor marked this pull request as ready for review March 28, 2023 07:46
@dolanor dolanor force-pushed the secret-whitespace-scrub branch 2 times, most recently from a9f8572 to 7a588ec Compare March 28, 2023 14:59
jlongtine
jlongtine approved these changes Mar 28, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@jlongtine jlongtine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dolanor Looks good! I'm a bit worried about the performance of scrubSecretBytes, but I think we can improve that search + replace algorithm with something more performant when the time comes.

@dolanor dolanor force-pushed the secret-whitespace-scrub branch 2 times, most recently from 1ea9823 to 0ce5c1d Compare March 29, 2023 14:49
dolanor added 9 commits March 29, 2023 23:06
@dolanor
feat: scrub secrets with whitespace (WIP)
441b30f 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
scrub secrets with pre and post whitespaces
5bd204a 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
add integration test for good whitespace scrubbing
d290af3 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
remove concourse implementation WIP
14ed07b 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
add test keys
450527f 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
disable typecheck false positive
2cf6e17 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
remove useless dangling field
07148c2 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
don't comment next to nolint
995e8d7 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor
multiline scrub
f15b065 
Signed-off-by: Tanguy ⧓ Herrmann <tanguy@dagger.io>
@dolanor dolanor force-pushed the secret-whitespace-scrub branch from 0ce5c1d to f15b065 Compare March 29, 2023 21:06
@dolanor dolanor merged commit f736354 into dagger:main Mar 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vito vito Awaiting requested review from vito

1 more reviewer

@jlongtine jlongtine jlongtine approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

🐞 secrets with whitespace are not scrubbed (yet)

2 participants

@dolanor @jlongtine