feat(logging): Redact additional types of sensitive data from debug logs #5254

Merged: 5 commits, May 28, 2024
4 changes: 2 additions & 2 deletions cliv2/go.mod
Expand Up @@ -14,10 +14,10 @@ require (
github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672
github.com/snyk/cli-extension-sbom v0.0.0-20240523084359-a2830fadb001
github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1
github.com/snyk/go-application-framework v0.0.0-20240523122731-0eaffbc5ba8c
github.com/snyk/go-application-framework v0.0.0-20240527123353-c7245f912464
github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
github.com/snyk/snyk-iac-capture v0.6.5
github.com/snyk/snyk-ls v0.0.0-20240521114551-bdeb64d058c9
github.com/snyk/snyk-ls v0.0.0-20240524141328-ca2e2955918a
github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.9.0
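Review bot: the redaction behaviour this PR is titled for is not visible in this diff; it arrives through the go-application-framework bump from 20240523122731-0eaffbc5ba8c to 20240527123353-c7245f912464, with snyk-ls also moved from 20240521114551-bdeb64d058c9 to 20240524141328-ca2e2955918a. The PR description should link the upstream framework change so reviewers can see which new patterns (proxy credentials, bearer tokens, per the tests below) are masked, and confirm whether the snyk-ls bump is required by that change or only incidental.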
12 changes: 4 additions & 8 deletions cliv2/go.sum
Expand Up @@ -723,8 +723,6 @@ github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e h1:j1
github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU=
github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672 h1:AkLej8Lk//vFex1fiygSYFrQTUd0xP+GyRbsI+m2kwQ=
github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672/go.mod h1:2vKTUsW73sVbDcyD19iNLfN0so2GSu9BE3k/fqG0mjA=
github.com/snyk/cli-extension-sbom v0.0.0-20240426130148-b83c2ebc75c4 h1:nLbplrdYB4ljdFSnpmw2rCqmBVxHcvZOFEqc8JF9OQc=
github.com/snyk/cli-extension-sbom v0.0.0-20240426130148-b83c2ebc75c4/go.mod h1:lqmQT+QdzLdfi7qsqIH4qvCsSWu+P09GDFwQcmFfC0g=
github.com/snyk/cli-extension-sbom v0.0.0-20240523084359-a2830fadb001 h1:EP9cL93+Lqw/wP/C80Sx+pyMYrqQY2NiuLDrad0lZ9w=
github.com/snyk/cli-extension-sbom v0.0.0-20240523084359-a2830fadb001/go.mod h1:lqmQT+QdzLdfi7qsqIH4qvCsSWu+P09GDFwQcmFfC0g=
github.com/snyk/code-client-go v1.5.5 h1:YHgNvh17jVTuSvPVMoeNuDn40z1qb99EfXva/sSRCMw=
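Review bot: the two cli-extension-sbom 20240426130148-b83c2ebc75c4 entries dropped here are stale checksums for a version go.mod no longer requires, i.e. `go mod tidy` housekeeping unrelated to the logging change; worth a mention in the commit message so the cleanup is not mistaken for part of the feature.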
Expand All @@ -733,18 +731,16 @@ github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1 h1:9RKY9NdX5DrJ
github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
github.com/snyk/error-catalog-golang-public v0.0.0-20240425141803-2516e42296c3 h1:ZUaY5LIVGQ0GScf1SsaqvUxaiGbBKgBBLsQUgB4Zx5o=
github.com/snyk/error-catalog-golang-public v0.0.0-20240425141803-2516e42296c3/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
github.com/snyk/go-application-framework v0.0.0-20240521161436-03b01ff08065 h1:uwOtMcz4VlBoyRV43LcIm3ZNVkHYIpnAGmll6KN+13w=
github.com/snyk/go-application-framework v0.0.0-20240521161436-03b01ff08065/go.mod h1:5gvF6i1sqmk1oN21ZbX/EDaEyQtPMfK1pbYCwtS+Fvw=
github.com/snyk/go-application-framework v0.0.0-20240523122731-0eaffbc5ba8c h1:WhVLgZeuJ8uo2Ifit5uhsaQIGezdOAUv6kLKVlm7TTE=
github.com/snyk/go-application-framework v0.0.0-20240523122731-0eaffbc5ba8c/go.mod h1:5gvF6i1sqmk1oN21ZbX/EDaEyQtPMfK1pbYCwtS+Fvw=
github.com/snyk/go-application-framework v0.0.0-20240527123353-c7245f912464 h1:ObGPhWY5v1lCfoM+hNbRKSem1jzf8Lg7dNVIDzdQgXE=
github.com/snyk/go-application-framework v0.0.0-20240527123353-c7245f912464/go.mod h1:5gvF6i1sqmk1oN21ZbX/EDaEyQtPMfK1pbYCwtS+Fvw=
github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
github.com/snyk/policy-engine v0.30.11 h1:wUy5LMar2vccMbNM62MSBRdjAQAhAbIm7aNXXO+g2tk=
github.com/snyk/policy-engine v0.30.11/go.mod h1:O6nwYXbb+SNDrYVWBwkieOwVuwXNKBHuXLm//fLz9Dw=
github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E=
github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk=
github.com/snyk/snyk-ls v0.0.0-20240521114551-bdeb64d058c9 h1:VXMcE6du8Wxr45YRg8SWRtjEDDTketyZOSk/0M3HoO0=
github.com/snyk/snyk-ls v0.0.0-20240521114551-bdeb64d058c9/go.mod h1:J4dXMRdjCAKlIUXy4cRnWJbpqyVFdJEKBCNi7TF1TXE=
github.com/snyk/snyk-ls v0.0.0-20240524141328-ca2e2955918a h1:gyBHLXoyaaGRCcqBn3j+vS+aPx1Bztiq2dFOwa/vkK4=
github.com/snyk/snyk-ls v0.0.0-20240524141328-ca2e2955918a/go.mod h1:I+/WSOQkvoGFAIzIu0bNiva45pnhPa0daojqudcU8s8=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd h1:Dq5WSzWsP1TbVi10zPWBI5LKEBDg4Y1OhWEph1wr5WQ=
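Review bot: the stale 20240521161436-03b01ff08065 and 20240523122731-0eaffbc5ba8c go-application-framework entries are removed while only c7245f912464 is added, and the same pattern applies to snyk-ls; this matches go.mod, but CI should run `go mod tidy` and fail on a dirty go.sum so the file does not drift again between bumps.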
4 changes: 4 additions & 0 deletions test/fixtures/cocoapods-app/Podfile
@@ -0,0 +1,4 @@
target 'SampleApp' do
platform :ios, '6.0'
pod 'Reachability', '3.1.0'
end
14 changes: 14 additions & 0 deletions test/fixtures/cocoapods-app/Podfile.lock
@@ -0,0 +1,14 @@
PODS:
- Reachability (3.1.0)

DEPENDENCIES:
- Reachability (= 3.1.0)

SPEC REPOS:
trunk:
- Reachability

SPEC CHECKSUMS:
Reachability: 3c8fe9643e52184d17f207e781cd84158da8c02b

PODFILE CHECKSUM: eef52b2296b88c87f94cf0f232f010176b9f11cd
25 changes: 24 additions & 1 deletion test/jest/acceptance/debuglog.spec.ts
@@ -1,5 +1,5 @@
import { runSnykCLI } from '../util/runSnykCLI';
import { createProjectFromWorkspace } from '../util/createProject';
import { createProject, createProjectFromWorkspace } from '../util/createProject';

jest.setTimeout(1000 * 60);

Expand All @@ -16,10 +16,12 @@ describe('debug log', () => {
DEBUG: '*',
SNYK_LOG_LEVEL: 'trace',
SNYK_TOKEN: token,
HTTP_PROXY: 'http://user:password@myproxy.com',
},
});

expect(stderr).not.toContain(token);
expect(stderr).not.toContain('http://user:password@myproxy.com');
});

it('redacts token from config file', async () => {
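Review bot: the new assertion `expect(stderr).not.toContain('http://user:password@myproxy.com')` also passes if the proxy URL is never logged at all, so it does not prove the redaction path ran. Mirror the bearer-token test further down and additionally assert on the masked form the logger emits for the proxy URL (the host `myproxy.com` present, `user:password` absent), so a regression that stops logging the proxy entirely is distinguishable from one that logs it unredacted.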
Expand All @@ -41,4 +43,25 @@ describe('debug log', () => {
expect(expectedToken).not.toBeFalsy();
expect(stderr).not.toContain(expectedToken);
});

it('redacts externally injected bearer token', async () => {
const project = await createProject('cocoapods-app');

const expectedToken = 'my-bearer-token';

const { stderr } = await runSnykCLI('test -d', {
cwd: project.path(),
env: {
...process.env,
SNYK_DISABLE_ANALYTICS: '1',
DEBUG: '*',
SNYK_LOG_LEVEL: 'trace',
SNYK_OAUTH_TOKEN: expectedToken,
},
});

expect(expectedToken).not.toBeFalsy();
expect(stderr).not.toContain(expectedToken);
expect(stderr).toContain('Bearer ***');
});
});
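Review bot: `expect(stderr).toContain('Bearer ***')` makes this test depend on the CLI actually sending an authenticated request for the cocoapods-app fixture, so it will fail for network reasons rather than redaction reasons when the API is unreachable; document that dependency in the spec, and note that `expect(expectedToken).not.toBeFalsy()` is redundant for a string literal declared three lines above. Nothing in the diff explains why a CocoaPods fixture is the vehicle for a logging test; a one-line comment in the `it` block would help the next reader.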