woodpecker/pipeline/shared/replace_secrets_test.go
6543 5742e8695c
Do not sanitzie secrets with 3 or less chars (#2680)
as this secrets have to low entropy they can not be valid secrets and
e.g. make log only unredable

just add a secret with value `a` to a repo an run a pipeline ...

---
*Sponsored by Kithara Software GmbH*
2023-10-31 19:44:03 +01:00

63 lines
2 KiB
Go

// Copyright 2023 Woodpecker Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package shared
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestNewSecretsReplacer(t *testing.T) {
tc := []struct {
name string
log string
secrets []string
expect string
}{{
name: "dont replace secrets with less than 3 chars",
log: "start log\ndone",
secrets: []string{"", "d", "art"},
expect: "start log\ndone",
}, {
name: "single line passwords",
log: `this IS secret: password`,
secrets: []string{"password", " IS "},
expect: `this IS secret: ********`,
}, {
name: "secret with one newline",
log: "start log\ndone\nnow\nan\nmulti line secret!! ;)",
secrets: []string{"an\nmulti line secret!!"},
expect: "start log\ndone\nnow\n********\n******** ;)",
}, {
name: "secret with multible lines with no match",
log: "start log\ndone\nnow\nan\nmulti line secret!! ;)",
secrets: []string{"Test\nwith\n\ntwo new lines"},
expect: "start log\ndone\nnow\nan\nmulti line secret!! ;)",
}, {
name: "secret with multible lines with match",
log: "start log\ndone\nnow\nan\nmulti line secret!! ;)\nwith\ntwo\n\nnewlines",
secrets: []string{"an\nmulti line secret!!", "two\n\nnewlines"},
expect: "start log\ndone\nnow\n********\n******** ;)\nwith\n********\n\n********",
}}
for _, c := range tc {
t.Run(c.name, func(t *testing.T) {
rep := NewSecretsReplacer(c.secrets)
result := rep.Replace(c.log)
assert.EqualValues(t, c.expect, result)
})
}
}