hack/e2e don't add binary files to artifacts and also censor base64 e…

…ncoded values
kubernetes-sigs · May 13, 2024 · 2d1cc7a · 2d1cc7a
1 parent 640fe22
commit 2d1cc7a
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/hack/e2e.sh b/hack/e2e.sh
@@ -49,12 +49,27 @@ on_exit() {
 
   # Cleanup VSPHERE_PASSWORD from temporary artifacts directory.
   if [[ "${ORIGINAL_ARTIFACTS}" != "" ]]; then
+    # Delete non-text files from artifacts directory to not leak files accidentially
+    find . -type f -exec file --mime-type {} \; | grep -v text/plain | while IFS= read -r line
+    do
+      file="$(echo "${line}" | cut -d ':' -f1)"
+      mimetype="$(echo "${line}" | cut -d ':' -f2)"
+      echo "Deleting file ${file} of type ${mimetype}"
+      rm "${file}"
+    done
+    # Replace secret and base64 secret in all files.
     if [ -z "$VSPHERE_PASSWORD" ]; then
-      grep -r -l -e "${VSPHERE_PASSWORD}" "${ARTIFACTS}" | while IFS= read -r file
+      grep -I -r -l -e "${VSPHERE_PASSWORD}" "${ARTIFACTS}" | while IFS= read -r file
       do
         echo "Cleaning up VSPHERE_PASSWORD from file ${file}"
         sed -i "s/${VSPHERE_PASSWORD}/REDACTED/g" "${file}"
       done || true
+      VSPHERE_PASSWORD_B64=$(echo -n "${VSPHERE_PASSWORD}" | base64 -b0)
+      grep -I -r -l -e "${VSPHERE_PASSWORD_B64}" "${ARTIFACTS}" | while IFS= read -r file
+      do
+        echo "Cleaning up VSPHERE_PASSWORD_B64 from file ${file}"
+        sed -i "s/${VSPHERE_PASSWORD_B64}/REDACTED/g" "${file}"
+      done || true
     fi
     # Move all artifacts to the original artifacts location.
     mv "${ARTIFACTS}"/* "${ORIGINAL_ARTIFACTS}/"