redact secrets from rage output

Summary: # This diff Refactors `eden rage` so that all of the output is ran through a redaction method that attempts to remove any secrets/sensitive info. Secrets/tokens are detected using a list of regexes. These are hard coded in the shared "redact" library that is used in this diff. # Context `eden rage` dumps out environment information and logs, which may contain secrets or sensitive information. `sl rage` protects against this by running a redaction regrex over each line of the rage and replacing any secrets with `<redacted>`. We should reuse that logic in EdenFS as well, so that we can avoid dumping secrets or senstive information to the terminal or pastry. Reviewed By: lXXXw Differential Revision: D66678215 fbshipit-source-id: be6429dd599b3d51e3a038b10bb3c53c6627d49d
facebook · Dec 4, 2024 · 6a86b2a · 6a86b2a
1 parent b80a157
commit 6a86b2a
Show file tree

Hide file tree

Showing 3 changed files with 151 additions and 113 deletions.
diff --git a/eden/fs/cli/TARGETS b/eden/fs/cli/TARGETS
@@ -196,6 +196,7 @@ python_library(
         "//eden/fs/py/eden:dirstate",
         "//eden/fs/py/eden/thrift:legacy",
         "//eden/fs/service:thrift-py-deprecated",
+        "//eden/scm:redact",
         "//fb303/thrift:fb303_core-py",
         "//thrift/lib/py:base",
         "//thrift/lib/py:server_base",