From bbb01d1ee9d3c649c473f809ca749d6db905fac0 Mon Sep 17 00:00:00 2001
From: Christian Schlotter
Date: Mon, 13 May 2024 14:22:58 +0200
Subject: [PATCH] hack/e2e don't add binary files to artifacts and also censor base64 encoded values
---
 hack/e2e.sh | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/hack/e2e.sh b/hack/e2e.sh
index 3dee8b0902..5b7273fb8a 100755
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -44,12 +44,27 @@ on_exit() {
 # Cleanup VSPHERE_PASSWORD from temporary artifacts directory.
 if [[ "${ORIGINAL_ARTIFACTS}" != "" ]]; then
- if [ -z "$VSPHERE_PASSWORD" ]; then
- grep -r -l -e "${VSPHERE_PASSWORD}" "${ARTIFACTS}" | while IFS= read -r file
+ # Delete non-text files from artifacts directory to not leak files accidentially
+ find "${ARTIFACTS}" -type f -exec file --mime-type {} \; | grep -v -E -e "text/plain|text/xml|application/json|inode/x-empty" | while IFS= read -r line
+ do
+ file="$(echo "${line}" | cut -d ':' -f1)"
+ mimetype="$(echo "${line}" | cut -d ':' -f2)"
+ echo "Deleting file ${file} of type ${mimetype}"
+ rm "${file}"
+ done || true
+ # Replace secret and base64 secret in all files.
+ if [ -n "$VSPHERE_PASSWORD" ]; then
+ grep -I -r -l -e "${VSPHERE_PASSWORD}" "${ARTIFACTS}" | while IFS= read -r file
 do
 echo "Cleaning up VSPHERE_PASSWORD from file ${file}"
 sed -i "s/${VSPHERE_PASSWORD}/REDACTED/g" "${file}"
 done || true
+ VSPHERE_PASSWORD_B64=$(echo -n "${VSPHERE_PASSWORD}" | base64 --wrap=0)
+ grep -I -r -l -e "${VSPHERE_PASSWORD_B64}" "${ARTIFACTS}" | while IFS= read -r file
+ do
+ echo "Cleaning up VSPHERE_PASSWORD_B64 from file ${file}"
+ sed -i "s/${VSPHERE_PASSWORD_B64}/REDACTED/g" "${file}"
+ done || true
 fi
 # Move all artifacts to the original artifacts location.
 mv "${ARTIFACTS}"/* "${ORIGINAL_ARTIFACTS}/"
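Review bot: The base64 redaction near the end of the hunk uses `/` as the sed delimiter, but `/` is part of the base64 alphabet, so whenever the encoded password contains one the `sed -i "s/${VSPHERE_PASSWORD_B64}/REDACTED/g"` call errors out, nothing in the loop acts on that failure, and the file is still moved to `${ORIGINAL_ARTIFACTS}` unredacted. A delimiter outside the alphabet avoids this: `sed -i "s|${VSPHERE_PASSWORD_B64}|REDACTED|g" "${file}"`. The plain-password `grep -e`/`sed` pair has the same weakness for any password containing `/` or regex metacharacters; adding `-F` to both `grep` calls and escaping the value before it reaches sed would make the match literal. The base64 search also only finds the password when it was encoded on its own, not as part of a longer encoded string, which deserves a comment such as `# only catches the password encoded standalone`. `on_exit` starts and ends outside the hunk.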