feat(logging): Redact additional types of sensitive data from debug l…

…ogs (#5254) * feat(logging): Redact additional types of sensitive data from debug logs * chore: udpate gaf * chore: udpate gaf to final version * test: adapt test success criteria and move fixture
snyk · May 28, 2024 · 056cdab · 056cdab
1 parent fdcf30e
commit 056cdab
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 11 deletions.
diff --git a/cliv2/go.mod b/cliv2/go.mod
@@ -14,10 +14,10 @@ require (
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672
 	github.com/snyk/cli-extension-sbom v0.0.0-20240523084359-a2830fadb001
 	github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1
-	github.com/snyk/go-application-framework v0.0.0-20240523122731-0eaffbc5ba8c
+	github.com/snyk/go-application-framework v0.0.0-20240527123353-c7245f912464
 	github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
 	github.com/snyk/snyk-iac-capture v0.6.5
-	github.com/snyk/snyk-ls v0.0.0-20240521114551-bdeb64d058c9
+	github.com/snyk/snyk-ls v0.0.0-20240524141328-ca2e2955918a
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0

diff --git a/cliv2/go.sum b/cliv2/go.sum
@@ -723,8 +723,6 @@ github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e h1:j1
 github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672 h1:AkLej8Lk//vFex1fiygSYFrQTUd0xP+GyRbsI+m2kwQ=
 github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672/go.mod h1:2vKTUsW73sVbDcyD19iNLfN0so2GSu9BE3k/fqG0mjA=
-github.com/snyk/cli-extension-sbom v0.0.0-20240426130148-b83c2ebc75c4 h1:nLbplrdYB4ljdFSnpmw2rCqmBVxHcvZOFEqc8JF9OQc=
-github.com/snyk/cli-extension-sbom v0.0.0-20240426130148-b83c2ebc75c4/go.mod h1:lqmQT+QdzLdfi7qsqIH4qvCsSWu+P09GDFwQcmFfC0g=
 github.com/snyk/cli-extension-sbom v0.0.0-20240523084359-a2830fadb001 h1:EP9cL93+Lqw/wP/C80Sx+pyMYrqQY2NiuLDrad0lZ9w=
 github.com/snyk/cli-extension-sbom v0.0.0-20240523084359-a2830fadb001/go.mod h1:lqmQT+QdzLdfi7qsqIH4qvCsSWu+P09GDFwQcmFfC0g=
 github.com/snyk/code-client-go v1.5.5 h1:YHgNvh17jVTuSvPVMoeNuDn40z1qb99EfXva/sSRCMw=
@@ -733,18 +731,16 @@ github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1 h1:9RKY9NdX5DrJ
 github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
 github.com/snyk/error-catalog-golang-public v0.0.0-20240425141803-2516e42296c3 h1:ZUaY5LIVGQ0GScf1SsaqvUxaiGbBKgBBLsQUgB4Zx5o=
 github.com/snyk/error-catalog-golang-public v0.0.0-20240425141803-2516e42296c3/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
-github.com/snyk/go-application-framework v0.0.0-20240521161436-03b01ff08065 h1:uwOtMcz4VlBoyRV43LcIm3ZNVkHYIpnAGmll6KN+13w=
-github.com/snyk/go-application-framework v0.0.0-20240521161436-03b01ff08065/go.mod h1:5gvF6i1sqmk1oN21ZbX/EDaEyQtPMfK1pbYCwtS+Fvw=
-github.com/snyk/go-application-framework v0.0.0-20240523122731-0eaffbc5ba8c h1:WhVLgZeuJ8uo2Ifit5uhsaQIGezdOAUv6kLKVlm7TTE=
-github.com/snyk/go-application-framework v0.0.0-20240523122731-0eaffbc5ba8c/go.mod h1:5gvF6i1sqmk1oN21ZbX/EDaEyQtPMfK1pbYCwtS+Fvw=
+github.com/snyk/go-application-framework v0.0.0-20240527123353-c7245f912464 h1:ObGPhWY5v1lCfoM+hNbRKSem1jzf8Lg7dNVIDzdQgXE=
+github.com/snyk/go-application-framework v0.0.0-20240527123353-c7245f912464/go.mod h1:5gvF6i1sqmk1oN21ZbX/EDaEyQtPMfK1pbYCwtS+Fvw=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
 github.com/snyk/policy-engine v0.30.11 h1:wUy5LMar2vccMbNM62MSBRdjAQAhAbIm7aNXXO+g2tk=
 github.com/snyk/policy-engine v0.30.11/go.mod h1:O6nwYXbb+SNDrYVWBwkieOwVuwXNKBHuXLm//fLz9Dw=
 github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E=
 github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk=
-github.com/snyk/snyk-ls v0.0.0-20240521114551-bdeb64d058c9 h1:VXMcE6du8Wxr45YRg8SWRtjEDDTketyZOSk/0M3HoO0=
-github.com/snyk/snyk-ls v0.0.0-20240521114551-bdeb64d058c9/go.mod h1:J4dXMRdjCAKlIUXy4cRnWJbpqyVFdJEKBCNi7TF1TXE=
+github.com/snyk/snyk-ls v0.0.0-20240524141328-ca2e2955918a h1:gyBHLXoyaaGRCcqBn3j+vS+aPx1Bztiq2dFOwa/vkK4=
+github.com/snyk/snyk-ls v0.0.0-20240524141328-ca2e2955918a/go.mod h1:I+/WSOQkvoGFAIzIu0bNiva45pnhPa0daojqudcU8s8=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd h1:Dq5WSzWsP1TbVi10zPWBI5LKEBDg4Y1OhWEph1wr5WQ=

diff --git a/test/fixtures/cocoapods-app/Podfile b/test/fixtures/cocoapods-app/Podfile
@@ -0,0 +1,4 @@
+target 'SampleApp' do
+  platform :ios, '6.0'
+  pod 'Reachability', '3.1.0'
+end
diff --git a/test/fixtures/cocoapods-app/Podfile.lock b/test/fixtures/cocoapods-app/Podfile.lock
@@ -0,0 +1,14 @@
+PODS:
+  - Reachability (3.1.0)
+
+DEPENDENCIES:
+  - Reachability (= 3.1.0)
+
+SPEC REPOS:
+  trunk:
+    - Reachability
+
+SPEC CHECKSUMS:
+  Reachability: 3c8fe9643e52184d17f207e781cd84158da8c02b
+
+PODFILE CHECKSUM: eef52b2296b88c87f94cf0f232f010176b9f11cd
diff --git a/test/jest/acceptance/debuglog.spec.ts b/test/jest/acceptance/debuglog.spec.ts
@@ -1,5 +1,8 @@
 import { runSnykCLI } from '../util/runSnykCLI';
-import { createProjectFromWorkspace } from '../util/createProject';
+import {
+  createProject,
+  createProjectFromWorkspace,
+} from '../util/createProject';
 
 jest.setTimeout(1000 * 60);
 
@@ -16,10 +19,12 @@ describe('debug log', () => {
         DEBUG: '*',
         SNYK_LOG_LEVEL: 'trace',
         SNYK_TOKEN: token,
+        HTTP_PROXY: 'http://user:password@myproxy.com',
       },
     });
 
     expect(stderr).not.toContain(token);
+    expect(stderr).not.toContain('http://user:password@myproxy.com');
   });
 
   it('redacts token from config file', async () => {
@@ -41,4 +46,25 @@ describe('debug log', () => {
     expect(expectedToken).not.toBeFalsy();
     expect(stderr).not.toContain(expectedToken);
   });
+
+  it('redacts externally injected bearer token', async () => {
+    const project = await createProject('cocoapods-app');
+
+    const expectedToken = 'my-bearer-token';
+
+    const { stderr } = await runSnykCLI('test -d', {
+      cwd: project.path(),
+      env: {
+        ...process.env,
+        SNYK_DISABLE_ANALYTICS: '1',
+        DEBUG: '*',
+        SNYK_LOG_LEVEL: 'trace',
+        SNYK_OAUTH_TOKEN: expectedToken,
+      },
+    });
+
+    expect(expectedToken).not.toBeFalsy();
+    expect(stderr).not.toContain(expectedToken);
+    expect(stderr).toContain('Bearer ***');
+  });
 });