Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent outputing secrets to PS console #57

Closed
7 tasks done
sayedihashimi opened this issue Apr 19, 2015 · 2 comments
Closed
7 tasks done

Prevent outputing secrets to PS console #57

sayedihashimi opened this issue Apr 19, 2015 · 2 comments
Assignees
@sayedihashimi
Labels
approved must-fix-before-next-release

Comments

@sayedihashimi
Copy link
Member

We should have a way to prevent secrets from getting displayed in the PS console. This can be achieved by overriding the PS output functions. The ones I can think of are:

  • Output-Default
  • Write-Output
  • Write-Host
  • Write-Debug
  • Write-Error
  • Write-Warning
  • Write-Verbose

Here is a basic sample showing how to do this.

'executing test.ps1' | Write-Output


function Out-Default{
    [cmdletbinding(ConfirmImpact='Medium')]
    param(
        [Parameter(ValueFromPipeline=$true)]
        [System.Management.Automation.PSObject]$InputObject
    )
    begin{
        $wrappedObject = $ExecutionContext.InvokeCommand.GetCmdlet('Out-Default')
        $sb = { & $wrappedObject @PSBoundParameters }
        $__sp = $sb.GetSteppablePipeline()
        $__sp.Begin($pscmdlet)
    }
    process{
        $__sp.Process('***' + $_)
    }
    end{
        $__sp.End()
    }
}


function Write-Host{
    [cmdletbinding(ConfirmImpact='Medium')]
    param(
        [Parameter(ValueFromPipeline=$true)]
        [System.Management.Automation.PSObject]$InputObject
    )
    begin{
        $wrappedObject = $ExecutionContext.InvokeCommand.GetCmdlet('Write-Host')
        $sb = { & $wrappedObject @PSBoundParameters }
        $__sp = $sb.GetSteppablePipeline()
        $__sp.Begin($pscmdlet)
    }
    process{
        $__sp.Process('***' + $_)
    }
    end{
        $__sp.End()
    }
}


function Write-Output{
    [cmdletbinding(ConfirmImpact='Medium')]
    param(
        [Parameter(ValueFromPipeline=$true)]
        [System.Management.Automation.PSObject]$InputObject
    )
    begin{
        $wrappedObject = $ExecutionContext.InvokeCommand.GetCmdlet('Write-Host')
        $sb = { & $wrappedObject @PSBoundParameters }
        $__sp = $sb.GetSteppablePipeline()
        $__sp.Begin($pscmdlet)
    }
    process{
        $__sp.Process('***' + $_)
    }
    end{
        $__sp.End()
    }
}


'test' | out-default
'http://sedodream.com' | Out-Default
'foo'|Write-Output
'bar'|Write-Host
@sayedihashimi sayedihashimi self-assigned this Apr 19, 2015
@sayedihashimi
Copy link
Member Author

Here is a more generic example

'executing test.ps1' | Write-Output

$strOutputOverrideFnFormatStr = @'
    [cmdletbinding(ConfirmImpact='Medium')]
    param(
        [Parameter(ValueFromPipeline=$true)]
        [System.Management.Automation.PSObject]$InputObject
    )
    begin{
        $wrappedObject = $ExecutionContext.InvokeCommand.GetCmdlet('<name>')
        $sb = { & $wrappedObject @PSBoundParameters }
        $__sp = $sb.GetSteppablePipeline()
        $__sp.Begin($pscmdlet)
    }
    process{
        $__sp.Process('***' + $_)
    }
    end{
        $__sp.End()
    }
'@

$writeFunctionsToCreate = 'Out-Default','Write-Output','Write-Host','Write-Debug','Write-Error','Write-Warning','Write-Verbose'
$fnFormatStr = '${function:<fnname>} = ([scriptblock]::Create($strOutputOverrideFnFormatStr.Replace("<name>","<fnname>")))'
$writeFunctionsToCreate | % {
    $fnFormatStr.Replace('<fnname>',$_)|iex    
}

'out-default test' | out-default
'write-output test' | Write-Output
'write-host test' | Write-Host
'write-Debug test' | Write-Debug
'Write-Verbose test' | Write-Verbose
'write-warning test' | Write-Warning
'Write-Error' | Write-Error

sayedihashimi added a commit that referenced this issue Apr 19, 2015
@sayedihashimi
Updating to filter secrets #57
c72a28f
@sayedihashimi
Copy link
Member Author

Should be supported in c72a28f. Need to add unit tests.

sayedihashimi added a commit that referenced this issue Apr 20, 2015
@sayedihashimi
adding unittests for masking secrets #57
edb249c
sayedihashimi added a commit that referenced this issue Apr 22, 2015
@sayedihashimi
fixing appveyor if stmts and test cases for filter string #57 #55
304428c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sayedihashimi sayedihashimi

Labels
approved must-fix-before-next-release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sayedihashimi