From ff44e3819fd4866a392f1d007a35c65bf427d980 Mon Sep 17 00:00:00 2001
From: Mostafa Ahangarha
Date: Wed, 22 Nov 2023 15:19:13 +0330
Subject: [PATCH 1/3] Hide sensitive data
---
 lib/core/controlplane.rb | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/lib/core/controlplane.rb b/lib/core/controlplane.rb
index 0b5e0227..c4afc2dc 100644
--- a/lib/core/controlplane.rb
+++ b/lib/core/controlplane.rb
@@ -23,6 +23,7 @@ def profile_exists?(profile)
 end
 def profile_create(profile, token)
+ @sensitive_data_pattern = /(?<=--token )(\S+)/
 cmd = "cpln profile create #{profile} --token #{token}"
 cmd += " > /dev/null" if Shell.should_hide_output?
 perform!(cmd)
@@ -341,19 +342,19 @@ def parse_apply_result(result) # rubocop:disable Metrics/CyclomaticComplexity, M
 private
 def perform(cmd)
- Shell.debug("CMD", cmd)
+ Shell.debug("CMD", hide_sensitive_data(cmd))
 system(cmd)
 end
 def perform!(cmd)
- Shell.debug("CMD", cmd)
+ Shell.debug("CMD", hide_sensitive_data(cmd))
 system(cmd) || exit(false)
 end
 def perform_yaml(cmd)
- Shell.debug("CMD", cmd)
+ Shell.debug("CMD", hide_sensitive_data(cmd))
 result = `#{cmd}`
 $CHILD_STATUS.success? ? YAML.safe_load(result) : exit(false)
@@ -362,4 +363,11 @@ def perform_yaml(cmd)
 def gvc_org
 "--gvc #{gvc} --org #{org}"
 end
+
+ def hide_sensitive_data(message)
+ pattern = @sensitive_data_pattern
+ return message unless pattern.is_a?(Regexp)
+
+ message.gsub(pattern, "XXXXXXX")
+ end
 end
From f0a267a166d51786c51c6073848293581c160a74 Mon Sep 17 00:00:00 2001
From: Mostafa Ahangarha
Date: Thu, 30 Nov 2023 14:57:29 +0330
Subject: [PATCH 2/3] Move hide_sensitive_data to Shell
---
 lib/core/controlplane.rb | 19 ++++++-------------
 lib/core/shell.rb | 25 +++++++++++++++++++++++--
 2 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/lib/core/controlplane.rb b/lib/core/controlplane.rb
index c4afc2dc..a9f51973 100644
--- a/lib/core/controlplane.rb
+++ b/lib/core/controlplane.rb
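Review bot: In PATCH 1/3's `profile_create` hunk the token is redacted only in the `Shell.debug` line; the same `cmd` string, with `#{profile}` and `#{token}` interpolated unquoted, still goes to `system(cmd)`, so the secret remains in the child process's argument list and any shell metacharacter in either value is interpreted by the shell. Quoting both values closes the second gap: `cmd = "cpln profile create #{Shellwords.escape(profile)} --token #{Shellwords.escape(token)}"` (this needs `require "shellwords"`; the file's requires are not visible in the patch). If the `cpln` CLI can read the token from the environment or stdin rather than `--token`, that would also keep it out of process listings, which is worth confirming against the CLI documentation.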
@@ -23,10 +23,10 @@ def profile_exists?(profile)
 end
 def profile_create(profile, token)
- @sensitive_data_pattern = /(?<=--token )(\S+)/
+ sensitive_data_pattern = /(?<=--token )(\S+)/
 cmd = "cpln profile create #{profile} --token #{token}"
 cmd += " > /dev/null" if Shell.should_hide_output?
- perform!(cmd)
+ perform!(cmd, sensitive_data_pattern: sensitive_data_pattern)
 end
 def profile_delete(profile)
@@ -342,19 +342,19 @@ def parse_apply_result(result) # rubocop:disable Metrics/CyclomaticComplexity, M
 private
 def perform(cmd)
- Shell.debug("CMD", hide_sensitive_data(cmd))
+ Shell.debug("CMD", cmd)
 system(cmd)
 end
- def perform!(cmd)
- Shell.debug("CMD", hide_sensitive_data(cmd))
+ def perform!(cmd, sensitive_data_pattern: nil)
+ Shell.debug("CMD", cmd, sensitive_data_pattern: sensitive_data_pattern)
 system(cmd) || exit(false)
 end
 def perform_yaml(cmd)
- Shell.debug("CMD", hide_sensitive_data(cmd))
+ Shell.debug("CMD", cmd)
 result = `#{cmd}`
 $CHILD_STATUS.success? ? YAML.safe_load(result) : exit(false)
@@ -363,11 +363,4 @@ def perform_yaml(cmd)
 def gvc_org
 "--gvc #{gvc} --org #{org}"
 end
-
- def hide_sensitive_data(message)
- pattern = @sensitive_data_pattern
- return message unless pattern.is_a?(Regexp)
-
- message.gsub(pattern, "XXXXXXX")
- end
 end
diff --git a/lib/core/shell.rb b/lib/core/shell.rb
index 9595f322..55836522 100644
--- a/lib/core/shell.rb
+++ b/lib/core/shell.rb
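Review bot: In PATCH 2/3's second `controlplane.rb` hunk only `perform!` accepts `sensitive_data_pattern:`; `perform` and `perform_yaml` return to `Shell.debug("CMD", cmd)`, so a later command that carries a secret through either of them would be written to the verbose log in clear, with no way for the caller to request masking. Giving all three helpers the same keyword keeps the redaction path uniform: `def perform(cmd, sensitive_data_pattern: nil)` with `Shell.debug("CMD", cmd, sensitive_data_pattern: sensitive_data_pattern)`, and the same for `perform_yaml`. The body of `perform_yaml` continues past the end of the hunk.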
@@ -55,11 +55,32 @@ def self.verbose_mode(verbose)
 @verbose = verbose
 end
- def self.debug(prefix, message)
- stderr.puts("\n[#{color(prefix, :red)}] #{message}") if verbose
+ def self.debug(prefix, message, sensitive_data_pattern: nil)
+ filtered_message = hide_sensitive_data(message, sensitive_data_pattern)
+
+ stderr.puts("\n[#{color(prefix, :red)}] #{filtered_message}") if verbose
 end
 def self.should_hide_output?
 tmp_stderr && !verbose
 end
+
+ #
+ # Hide sensitive data based on the passed pattern
+ #
+ # @param [String] message
+ # The message to get processed.
+ # @param [Regexp, nil] pattern
+ # The regular expression to be used. If not provided, no filter gets applied.
+ #
+ # @return [String]
+ # Filtered message.
+ #
+ # @example
+ # hide_sensitive_data("--token abcd", /(?<=--token )(\S+)/)
+ def self.hide_sensitive_data(message, pattern = nil)
+ return message unless pattern.is_a?(Regexp)
+
+ message.gsub(pattern, "XXXXXXX")
+ end
 end
From 34955e4cda1524f0745412366a830d89d18df8e3 Mon Sep 17 00:00:00 2001
From: Mostafa Ahangarha
Date: Sat, 2 Dec 2023 22:55:25 +0330
Subject: [PATCH 3/3] Simplify the logic in debug method
---
 lib/core/shell.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/core/shell.rb b/lib/core/shell.rb
index 55836522..3417c3ee 100644
--- a/lib/core/shell.rb
+++ b/lib/core/shell.rb
@@ -56,9 +56,10 @@ def self.verbose_mode(verbose)
 end
 def self.debug(prefix, message, sensitive_data_pattern: nil)
- filtered_message = hide_sensitive_data(message, sensitive_data_pattern)
+ return unless verbose
- stderr.puts("\n[#{color(prefix, :red)}] #{filtered_message}") if verbose
+ filtered_message = hide_sensitive_data(message, sensitive_data_pattern)
+ stderr.puts("\n[#{color(prefix, :red)}] #{filtered_message}")
 end
 def self.should_hide_output?
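Review bot: In PATCH 2/3's `lib/core/shell.rb` hunk, `hide_sensitive_data` fails open: `return message unless pattern.is_a?(Regexp)` hands back the unredacted message for any non-Regexp argument, so a caller that passes a String pattern gets the secret logged with no error to signal the mistake. `String#gsub` accepts a String as well as a Regexp, so the guard can be narrowed to `return message if pattern.nil?`. The `@example` would also read better with its result stated, `# => "--token XXXXXXX"`. PATCH 3/3 touches only `debug` and leaves this guard unchanged.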