private BuildCommand setupSecrets() { List<EnvironmentVariableContext.EnvironmentVariable> secrets = environmentVariableContext().getSecureEnvironmentVariables(); ArrayList<BuildCommand> commands = new ArrayList<>(); for (EnvironmentVariableContext.EnvironmentVariable secret : secrets) { commands.add(secret(secret.value())); } return BuildCommand.compose(commands); }
public BuildCommand updateTo(String baseDir, RevisionContext revisionContext) { Revision revision = revisionContext.getLatestRevision(); String workingDir = material.workingdir(new File(baseDir)).getPath(); return compose( secret(material.getPassword()), execTfsCheckout(material, revision, workingDir) ); }
public BuildCommand updateTo(String baseDir, RevisionContext revisionContext) { String workingDir = material.workingdir(new File(baseDir)).getPath(); String revision = revisionContext.getLatestRevision().getRevision(); this.clientName = material.clientName(new File(workingDir)); return compose( secret(material.getPassword()), loginIfUsingTickets(), constructClient(workingDir, clientName), cleanWorkingDir(workingDir), echo(format("[%s] Start updating %s at revision %s from %s", GoConstants.PRODUCT_NAME, material.updatingTarget(), revision, material.getServerAndPort())), sync(workingDir, revision), echo(format("[%s] Done.\n", GoConstants.PRODUCT_NAME)) ); }
public BuildCommand updateTo(String baseDir, RevisionContext revisionContext) { Revision revision = revisionContext.getLatestRevision(); String workingDir = material.workingdir(new File(baseDir)).getPath(); UrlArgument url = material.getUrlArgument(); return compose( secret(url.forCommandline(), url.forDisplay()), echoWithPrefix("Start updating %s at revision %s from %s", material.updatingTarget(), revision.getRevision(), url.forDisplay()), cloneIfNeeded(workingDir), pull(workingDir), update(workingDir, revision), echoWithPrefix("Done.\n")); }
public BuildCommand updateTo(String baseDir, RevisionContext revisionContext) { Revision revision = revisionContext.getLatestRevision(); String workingDir = material.workingdir(new File(baseDir)).getPath(); UrlArgument url = material.getUrlArgument(); return compose( echoWithPrefix(format("Start updating %s at revision %s from %s", material.updatingTarget(), revision.getRevision(), url.forDisplay())), secret(url.forCommandline(), url.forDisplay()), secret(material.getPassword(), "*********************"), cleanupAndUpdate(workingDir, revision).setTest(shouldDoCleanupAndUpdate(workingDir)), freshCheckout(workingDir, revision).setTest(isNotRepository(workingDir)), freshCheckout(workingDir, revision).setTest(test("-nd", workingDir)), freshCheckout(workingDir, revision).setTest(repoUrlChanged(workingDir)), echoWithPrefix(format("Done.\n")) ); }
@Test public void shouldNotLeakSecretWhenExceptionHappened() throws Exception { runBuild(compose( secret("the-answer-is-42"), error("error: the-answer-is-42")), Failed); assertThat(console.output(), containsString("error: ******")); assertThat(console.output(), not(containsString("the-anwser-is-42"))); } }
public BuildCommand updateTo(String baseDir, RevisionContext revisionContext) { Revision revision = revisionContext.getLatestRevision(); String workingDir = material.workingdir(new File(baseDir)).getPath(); UrlArgument url = material.getUrlArgument(); return compose( echoWithPrefix("Start updating %s at revision %s from %s", material.updatingTarget(), revision.getRevision(), url.forDisplay()), secret(url.forCommandline(), url.forDisplay()), cloneIfNeeded(workingDir, revisionContext.numberOfModifications() + 1), fetchRemote(workingDir), unshallowIfNeeded(workingDir, revision, new Integer[]{GitMaterial.UNSHALLOW_TRYOUT_STEP, Integer.MAX_VALUE}), resetWorkingCopy(workingDir, revision), echoWithPrefix("Done.\n")); }
@Test @RunIf(value = EnhancedOSChecker.class, arguments = {DO_NOT_RUN_ON, OSChecker.WINDOWS}) public void shouldNotLeakSecretsToConsoleLog() { runBuild(compose(secret("topsecret"), exec("not-not-not-exist", "topsecret")), Failed); assertThat(console.output(), containsString("not-not-not-exist ******")); assertThat(console.output(), not(containsString("topsecret"))); }
@Test @RunIf(value = EnhancedOSChecker.class, arguments = {DO_NOT_RUN_ON, OSChecker.WINDOWS}) public void shouldNotLeakSecretsToLog() { try (LogFixture logFixture = logFixtureFor(ExecCommandExecutor.class, Level.DEBUG)) { runBuild(compose(secret("topsecret"), exec("not-not-not-exist", "topsecret")), Failed); String logs = logFixture.getLog(); assertThat(logs, containsString("not-not-not-exist ******")); assertThat(logs, not(containsString("topsecret"))); } }
@Test public void addSecretWithSubstitution() throws Exception { runBuild(compose( secret("foo:bar@ssss.com", "foo:******@ssss.com"), exec("echo", "connecting to foo:bar@ssss.com"), exec("echo", "connecting to foo:bar@tttt.com")), Passed); assertThat(console.firstLine(), containsString("connecting to foo:******@ssss.com")); assertThat(console.asList().get(1), containsString("connecting to foo:bar@tttt.com")); }
@Test public void secretMaskValuesInExportOutput() throws Exception { runBuild(compose( secret("42"), export("oracle", "the answer is 42", false)), Passed); assertThat(console.output(), is("[go] setting environment variable 'oracle' to value 'the answer is ******'")); }
@Test public void secretMaskValuesInExecOutput() throws Exception { runBuild(compose( secret("42"), exec("echo", "the answer is 42")), Passed); assertThat(console.output(), containsString("the answer is ******")); }