fix: hide masked value (#668)

* fix: hide masked value The ::add-mask:: command output logs the value to be masked. This does expose critical information which should be hidden from the output. * Add test to not output secret in add-mask command Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
nektos · May 15, 2021 · 3db5037 · 3db5037
1 parent ef0da2a
commit 3db5037
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/pkg/runner/command.go b/pkg/runner/command.go
@@ -54,7 +54,7 @@ func (rc *RunContext) commandHandler(ctx context.Context) common.LineHandler {
 		case "error":
 			logger.Infof("  \U00002757  %s", line)
 		case "add-mask":
-			logger.Infof("  \U00002699  %s", line)
+			logger.Infof("  \U00002699  %s", "***")
 		case "stop-commands":
 			resumeCommand = arg
 			logger.Infof("  \U00002699  %s", line)

diff --git a/pkg/runner/command_test.go b/pkg/runner/command_test.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"testing"
 
+	"github.com/nektos/act/pkg/common"
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -88,3 +90,17 @@ func TestAddpathADO(t *testing.T) {
 	handler("##[add-path]/boo\n")
 	a.Equal("/boo", rc.ExtraPath[1])
 }
+
+func TestAddmask(t *testing.T) {
+	logger, hook := test.NewNullLogger()
+
+	a := assert.New(t)
+	ctx := context.Background()
+	loggerCtx := common.WithLogger(ctx, logger)
+
+	rc := new(RunContext)
+	handler := rc.commandHandler(loggerCtx)
+	handler("::add-mask::my-secret-value\n")
+
+	a.NotEqual("  \U00002699  *my-secret-value", hook.LastEntry().Message)
+}