Merge pull request #200 from salesforcecli/sm/security-warnings

Sm/security-warnings
salesforcecli · Sep 29, 2021 · 851ac03 · 851ac03
2 parents a7bdcb3 + e6f6ac2
commit 851ac03
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/messages/messages.json b/messages/messages.json
@@ -18,5 +18,7 @@
   "AlphaNumericNameError": "Name must contain only alphanumeric characters.",
   "NameMustStartWithLetterError": "Name must start with a letter.",
   "EndWithUnderscoreError": "Name can't end with an underscore.",
-  "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores."
+  "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores.",
+
+  "SecurityWarning": "This command will expose sensitive information that allows for subsequent activity using your current authenticated session.\nSharing this information is equivalent to logging someone in under the current credential, resulting in unintended access and escalation of privilege.\nFor additional information, please review the authorization section of the https://developer.salesforce.com/docs/atlas.en-us.234.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm"
 }
diff --git a/src/commands/force/org/display.ts b/src/commands/force/org/display.ts
@@ -17,7 +17,7 @@ import { OrgListUtil } from '../../../shared/orgListUtil';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-org', 'display');
-
+const sharedMessages = Messages.loadMessages('@salesforce/plugin-org', 'messages');
 export class OrgDisplayCommand extends SfdxCommand {
   public static readonly description = messages.getMessage('description');
   public static readonly examples = messages.getMessage('examples').split(os.EOL);
@@ -68,6 +68,8 @@ export class OrgDisplayCommand extends SfdxCommand {
   }
 
   private print(result: OrgDisplayReturn): void {
+    this.ux.warn(sharedMessages.getMessage('SecurityWarning'));
+    this.ux.log('');
     const columns = {
       columns: [
         { key: 'key', label: 'KEY' },

diff --git a/src/commands/force/org/open.ts b/src/commands/force/org/open.ts
@@ -13,6 +13,8 @@ import { openUrl } from '../../../shared/utils';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-org', 'open');
+const sharedMessages = Messages.loadMessages('@salesforce/plugin-org', 'messages');
+
 export class OrgOpenCommand extends SfdxCommand {
   public static readonly description = messages.getMessage('description');
   public static readonly examples = messages.getMessage('examples').split(EOL);
@@ -37,6 +39,9 @@ export class OrgOpenCommand extends SfdxCommand {
     const username = this.org.getUsername();
     const output = { orgId, url, username };
 
+    this.ux.warn(sharedMessages.getMessage('SecurityWarning'));
+    this.ux.log('');
+
     if (new Env().getBoolean('SFDX_CONTAINER_MODE')) {
       // instruct the user that they need to paste the URL into the browser
       this.ux.styledHeader('Action Required!');