Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(config): use redact on config output #7521

Merged
merged 6 commits into from
May 14, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 18 additions & 10 deletions lib/commands/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ const pkgJson = require('@npmcli/package-json')
const { defaults, definitions } = require('@npmcli/config/lib/definitions')
const { log, output } = require('proc-log')
const BaseCommand = require('../base-cmd.js')
const { redact } = require('@npmcli/redact')

// These are the configs that we can nerf-dart. Not all of them currently even
// *have* config definitions so we have to explicitly validate them here.
Expand Down Expand Up @@ -53,7 +54,7 @@ const keyValues = args => {
return kv
}

const publicVar = k => {
const publicVar = (k, v) => {
// _password
if (k.startsWith('_')) {
return false
Expand All @@ -73,6 +74,10 @@ const publicVar = k => {
}
}
}
// Hide proxy url if it contains basic auth
if (k === 'proxy') {
lukekarrys marked this conversation as resolved.
Show resolved Hide resolved
return redact(v) === v
}
return true
}

Expand Down Expand Up @@ -206,7 +211,8 @@ class Config extends BaseCommand {

const out = []
for (const key of keys) {
if (!publicVar(key)) {
const val = this.npm.config.get(key)
if (!publicVar(key, val)) {
throw new Error(`The ${key} option is protected, and can not be retrieved in this way`)
}

Expand Down Expand Up @@ -338,14 +344,14 @@ ${defData}
continue
}

const keys = Object.keys(data).sort(localeCompare)
const keys = Object.entries(data).sort(([a], [b]) => localeCompare(a, b))
lukekarrys marked this conversation as resolved.
Show resolved Hide resolved
if (!keys.length) {
continue
}

msg.push(`; "${where}" config from ${source}`, '')
for (const k of keys) {
const v = publicVar(k) ? JSON.stringify(data[k]) : '(protected)'
for (const [k, value] of keys) {
const v = publicVar(k, value) ? JSON.stringify(value) : '(protected)'
const src = this.npm.config.find(k)
const overridden = src !== where
msg.push((overridden ? '; ' : '') +
Expand Down Expand Up @@ -374,9 +380,10 @@ ${defData}
const pkgPath = resolve(this.npm.prefix, 'package.json')
msg.push(`; "publishConfig" from ${pkgPath}`)
msg.push('; This set of config values will be used at publish-time.', '')
const pkgKeys = Object.keys(content.publishConfig).sort(localeCompare)
for (const k of pkgKeys) {
const v = publicVar(k) ? JSON.stringify(content.publishConfig[k]) : '(protected)'
const entries = Object.entries(content.publishConfig)
.sort(([a], [b]) => localeCompare(a, b))
for (const [k, value] of entries) {
const v = publicVar(k, value) ? JSON.stringify(value) : '(protected)'
msg.push(`${k} = ${v}`)
}
msg.push('')
Expand All @@ -389,11 +396,12 @@ ${defData}
async listJson () {
const publicConf = {}
for (const key in this.npm.config.list[0]) {
if (!publicVar(key)) {
const value = this.npm.config.get(key)
if (!publicVar(key, value)) {
continue
}

publicConf[key] = this.npm.config.get(key)
publicConf[key] = value
}
output.standard(JSON.stringify(publicConf, null, 2))
}
Expand Down
14 changes: 14 additions & 0 deletions test/lib/commands/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -503,6 +503,20 @@ t.test('config get private key', async t => {
/_password option is protected/,
'rejects with protected string'
)

await npm.exec('config', ['set', 'proxy', 'https://proxy.npmjs.org'])

await t.resolves(
npm.exec('config', ['get', 'proxy']),
'https://proxy.npmjs.org'
)

await npm.exec('config', ['set', 'proxy', 'https://username:password@proxy.npmjs.org'])

await t.rejects(
npm.exec('config', ['get', 'proxy']),
/proxy option is protected/
)
})

t.test('config edit', async t => {
Expand Down
Loading