feat: logSensitive, capture warnings

messages/messages.md

@@ -0,0 +1,3 @@
+# warning.security
+
+This command will expose sensitive information that allows for subsequent activity using your current authenticated session. Sharing this information is equivalent to logging someone in under the current credential, resulting in unintended access and escalation of privilege. For additional information, please review the authorization section of the https://developer.salesforce.com/docs/atlas.en-us.234.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm

package.json

@@ -37,7 +37,7 @@
     }
   },
   "dependencies": {
-    "@oclif/core": "^0.5.39",
+    "@oclif/core": "^0.5.41",
     "@salesforce/core": "^3.6.2",
     "@salesforce/kit": "^1.5.17",
     "@salesforce/ts-types": "^1.5.20",

src/sfCommand.ts

@@ -5,6 +5,10 @@
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 import { Command, HelpSection, Interfaces } from '@oclif/core';
+import { Messages } from '@salesforce/core';
+
+Messages.importMessagesDirectory(__dirname);
+const messages = Messages.loadMessages('@salesforce/sf-plugins-core', 'messages');
 
 export interface SfCommandInterface extends Interfaces.Command {
   configurationVariablesSection?: HelpSection;
@@ -26,38 +30,70 @@ export abstract class SfCommand<T> extends Command {
   public static configurationVariablesSection?: HelpSection;
   public static envVariablesSection?: HelpSection;
   public static errorCodes?: HelpSection;
+  public static exposesSensitiveInfo?: boolean;
+
+  private warnings: SfCommand.Warning[] = [];
+
+  /**
+   * Log warning to users. If --json is enabled, then the warning
+   * will be added to the json output under the warnings property.
+   */
+  public warn(input: SfCommand.Warning): SfCommand.Warning {
+    const warning = super.warn(input) as SfCommand.Warning;
+    this.warnings.push(warning);
+    return input;
+  }
 
+  /**
+   * Warn user about sensitive information (access tokens, etc...) before
+   * logging to the console.
+   */
+  public logSensitive(msg: string): void {
+    this.warn(messages.getMessage('warning.security'));
+    this.log(msg);
+  }
+
+  /**
+   * Wrap the command result into the standardized JSON structure.
+   */
   protected toSuccessJson(result: T): SfCommand.Json<T> {
     return {
       status: process.exitCode ?? 0,
       result,
+      warnings: this.warnings,
     };
   }
 
+  /**
+   * Wrap the command error into the standardized JSON structure.
+   */
   protected toErrorJson(error: Error): SfCommand.Error {
     return {
       status: process.exitCode ?? 1,
       stack: error.stack,
       name: error.name,
       message: error.message,
+      warnings: this.warnings,
     };
   }
 
   public abstract run(): Promise<T>;
 }
 
 export namespace SfCommand {
+  export type Warning = string | Error;
+
   export interface Json<T> {
     status: number;
     result: T;
-    warnings?: string[];
+    warnings?: Warning[];
   }
 
   export interface Error {
     status: number;
     name: string;
     message: string;
     stack: string | undefined;
-    warnings?: string[];
+    warnings?: Warning[];
   }
 }

yarn.lock

@@ -430,10 +430,10 @@
     is-wsl "^2.1.1"
     tslib "^2.0.0"
 
-"@oclif/core@^0.5.39":
-  version "0.5.39"
-  resolved "https://registry.yarnpkg.com/@oclif/core/-/core-0.5.39.tgz#d00705f31c5e6617145e84bb9dd50156cf3b01c5"
-  integrity sha512-4XusxLX8PnHDQxtRP25PImlkIj1Mlx6wt0NWb1FxQGvTJOAgXGJZl3YB02ZeXZLYbeKA2A3AqqxFTTKbADnZng==
+"@oclif/core@^0.5.41":
+  version "0.5.41"
+  resolved "https://registry.npmjs.org/@oclif/core/-/core-0.5.41.tgz#54ab600b1b6017f3849e629401eafd4f4e3a5c2e"
+  integrity sha512-zEYbpxSQr80t7MkLMHOmZr8QCrCIbVrI7fLSZWlsvD2AEM0vvzuhWymjo9/kHy2/kNfxwu7NTI4i2a0zoHu11w==
   dependencies:
     "@oclif/linewrap" "^1.0.0"
     chalk "^4.1.0"