Skip to content
Permalink
Browse files
fix: escape uri encoded symbols (#1697)
  • Loading branch information
dekhanov committed Nov 19, 2020
1 parent c8d38b6 commit f8f8fbcac47aa3c8c0c9b5f3a8738957934cc86c
Showing with 9 additions and 1 deletion.
  1. +1 −1 lib/hide-sensitive.js
  2. +8 −0 test/hide-sensitive.test.js
@@ -12,7 +12,7 @@ module.exports = (env) => {
});

const regexp = new RegExp(
toReplace.map((envVar) => `${escapeRegExp(env[envVar])}|${encodeURI(escapeRegExp(env[envVar]))}`).join('|'),
toReplace.map((envVar) => `${escapeRegExp(env[envVar])}|${escapeRegExp(encodeURI(env[envVar]))}`).join('|'),
'g'
);
return (output) =>
@@ -40,6 +40,14 @@ test('Escape regexp special characters', (t) => {
);
});

test('Escape regexp special characters in url-encoded environment variable', (t) => {
const env = {SOME_PASSWORD: 'secret password p$^{.+}\\w[a-z]o.*rd)('};
t.is(
hideSensitive(env)(`https://user:${encodeURI(env.SOME_PASSWORD)}@host.com`),
`https://user:${SECRET_REPLACEMENT}@host.com`
);
});

test('Accept "undefined" input', (t) => {
t.is(hideSensitive({})(), undefined);
});

0 comments on commit f8f8fbc

Please sign in to comment.