Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure sensitive details are never logged via CallStack #247

Merged
merged 4 commits into from
Mar 27, 2024
Merged

Ensure sensitive details are never logged via CallStack #247

merged 4 commits into from
Mar 27, 2024

Conversation

confused-Techie
Copy link
Member

@confused-Techie confused-Techie commented Feb 20, 2024
edited
Loading

Requirements

  • Filling out the template is required.

  • All new code requires tests to ensure against regressions.

    • However, if your PR contains zero code changes, feel free to select the checkmark below to indicate so.

  • Have you ran tests against this code?

  • This PR contains zero code changes.

Description of the Change

This PR adds much more logic to ensure sensitive details are never logged via CallStack.

meadowsys
meadowsys reviewed Feb 20, 2024
View reviewed changes
src/models/callStack.js Outdated Show resolved Hide resolved
meadowsys
meadowsys reviewed Feb 20, 2024
View reviewed changes
src/models/callStack.js Outdated Show resolved Hide resolved
meadowsys
meadowsys reviewed Feb 20, 2024
View reviewed changes
src/models/callStack.js Outdated Show resolved Hide resolved
meadowsys
meadowsys reviewed Feb 20, 2024
View reviewed changes
Copy link
Member

@meadowsys meadowsys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apparently i need to write a comment in this comment box to finish the rest, huh, didn't know that! :p

except the part about tokens being embedded within larger strings, everything looks good!

@meadowsys
Copy link
Member

actually thought... there are likely purpose built libraries that search/mask strings for all sorts of tokens, perhaps that would be better for us to build CallStack on top of?

@confused-Techie
Copy link
Member Author

@meadowsys I do like your idea for finding something that can be used here, which I was able to find hide-secrets on NPM, which does essentially what we already are doing with less flexibility (as far as I can tell), so maybe we can just grab the extra list of items they check for and add them here.

The other thing I'd be interested in is finding the source of whatever GitHub Actions uses for this exact same purpose, since I know GitHub has a partner program with a much longer list, so I wonder if that code is public

@confused-Techie
Copy link
Member Author

@meadowsys I've gone ahead and implemented your suggestions if there's anything else you spot

@confused-Techie confused-Techie merged commit ccb9989 into main Mar 27, 2024
6 checks passed
@confused-Techie confused-Techie deleted the additional-safety-filters branch March 27, 2024 23:10
@confused-Techie confused-Techie mentioned this pull request Mar 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@meadowsys meadowsys meadowsys left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@confused-Techie @meadowsys