From 90c41d9994443777b6428309ce81fc750a8456a0 Mon Sep 17 00:00:00 2001 From: Vladislav Sukhin Date: Tue, 31 Oct 2023 15:48:21 +0300 Subject: [PATCH] fix: obfuscate args --- .../artillery/pkg/runner/artillery.go | 2 +- contrib/executor/curl/pkg/runner/runner.go | 2 +- .../executor/cypress/pkg/runner/cypress.go | 2 +- contrib/executor/ginkgo/pkg/runner/runner.go | 8 +++---- contrib/executor/gradle/pkg/runner/runner.go | 1 + contrib/executor/jmeter/pkg/runner/runner.go | 4 ++-- contrib/executor/jmeterd/pkg/runner/runner.go | 4 ++-- contrib/executor/k6/pkg/runner/runner.go | 2 +- contrib/executor/kubepug/pkg/runner/runner.go | 4 ++-- contrib/executor/maven/pkg/runner/runner.go | 2 +- .../playwright/pkg/runner/playwright.go | 2 +- .../postman/pkg/runner/newman/newman.go | 2 +- contrib/executor/soapui/pkg/runner/runner.go | 3 ++- .../executor/tracetest/pkg/runner/runner.go | 4 ++-- contrib/executor/zap/pkg/runner/runner.go | 9 +++---- pkg/executor/env/manager.go | 24 +++++++++++++++++++ 16 files changed, 51 insertions(+), 24 deletions(-) diff --git a/contrib/executor/artillery/pkg/runner/artillery.go b/contrib/executor/artillery/pkg/runner/artillery.go index 91e5d0be5e..9a65236686 100644 --- a/contrib/executor/artillery/pkg/runner/artillery.go +++ b/contrib/executor/artillery/pkg/runner/artillery.go @@ -118,7 +118,7 @@ func (r *ArtilleryRunner) Run(ctx context.Context, execution testkube.Execution) // run executor command, args := executor.MergeCommandAndArgs(execution.Command, args) - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) out, runerr := executor.Run(runPath, command, envManager, args...) out = envManager.ObfuscateSecrets(out) diff --git a/contrib/executor/curl/pkg/runner/runner.go b/contrib/executor/curl/pkg/runner/runner.go index ac7d5d79da..c5d83d4db6 100644 --- a/contrib/executor/curl/pkg/runner/runner.go +++ b/contrib/executor/curl/pkg/runner/runner.go @@ -140,7 +140,7 @@ func (r *CurlRunner) Run(ctx context.Context, execution testkube.Execution) (res } runPath := workingDir - outputPkg.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + outputPkg.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) output, err := executor.Run(runPath, command, envManager, args...) output = envManager.ObfuscateSecrets(output) diff --git a/contrib/executor/cypress/pkg/runner/cypress.go b/contrib/executor/cypress/pkg/runner/cypress.go index 14b79c4b6e..c06fd81b8a 100644 --- a/contrib/executor/cypress/pkg/runner/cypress.go +++ b/contrib/executor/cypress/pkg/runner/cypress.go @@ -153,7 +153,7 @@ func (r *CypressRunner) Run(ctx context.Context, execution testkube.Execution) ( // run cypress inside repo directory ignore execution error in case of failed test command, args = executor.MergeCommandAndArgs(execution.Command, args) - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) out, err = executor.Run(runPath, command, envManager, args...) out = envManager.ObfuscateSecrets(out) diff --git a/contrib/executor/ginkgo/pkg/runner/runner.go b/contrib/executor/ginkgo/pkg/runner/runner.go index 568554e09b..66134a7a6c 100644 --- a/contrib/executor/ginkgo/pkg/runner/runner.go +++ b/contrib/executor/ginkgo/pkg/runner/runner.go @@ -96,7 +96,7 @@ func (r *GinkgoRunner) Run(ctx context.Context, execution testkube.Execution) (r } // Set up ginkgo potential args - ginkgoArgs, junitReport, err := BuildGinkgoArgs(ginkgoParams, path, runPath, reportFile, execution) + ginkgoArgs, junitReport, err := BuildGinkgoArgs(envManager, ginkgoParams, path, runPath, reportFile, execution) if err != nil { return result, err } @@ -122,7 +122,7 @@ func (r *GinkgoRunner) Run(ctx context.Context, execution testkube.Execution) (r // run executor here command, args = executor.MergeCommandAndArgs(execution.Command, ginkgoArgs) - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) out, err := executor.Run(runPath, command, envManager, args...) out = envManager.ObfuscateSecrets(out) @@ -252,7 +252,7 @@ func FindGinkgoParams(execution *testkube.Execution, defaultParams map[string]st return retVal } -func BuildGinkgoArgs(params map[string]string, path, runPath, reportFile string, execution testkube.Execution) ([]string, bool, error) { +func BuildGinkgoArgs(envManager *env.Manager, params map[string]string, path, runPath, reportFile string, execution testkube.Execution) ([]string, bool, error) { output.PrintLogf("%s Building Ginkgo arguments from params", ui.IconWorld) args := execution.Args @@ -314,7 +314,7 @@ func BuildGinkgoArgs(params map[string]string, path, runPath, reportFile string, args[i] = os.ExpandEnv(args[i]) } - output.PrintLogf("%s Ginkgo arguments from params built: %s", ui.IconCheckMark, args) + output.PrintLogf("%s Ginkgo arguments from params built: %s", ui.IconCheckMark, envManager.ObfuscateStringSlice(args)) return args, hasJunit && hasReport, nil } diff --git a/contrib/executor/gradle/pkg/runner/runner.go b/contrib/executor/gradle/pkg/runner/runner.go index 8c916d0aef..256b2e7ced 100644 --- a/contrib/executor/gradle/pkg/runner/runner.go +++ b/contrib/executor/gradle/pkg/runner/runner.go @@ -135,6 +135,7 @@ func (r *GradleRunner) Run(ctx context.Context, execution testkube.Execution) (r args[i] = os.ExpandEnv(args[i]) } + output.PrintEvent("Running task: "+task, project, gradleCommand, envManager.ObfuscateStringSlice(args)) out, err := executor.Run(runPath, gradleCommand, envManager, args...) out = envManager.ObfuscateSecrets(out) diff --git a/contrib/executor/jmeter/pkg/runner/runner.go b/contrib/executor/jmeter/pkg/runner/runner.go index a7f41b28f4..fc5640786f 100644 --- a/contrib/executor/jmeter/pkg/runner/runner.go +++ b/contrib/executor/jmeter/pkg/runner/runner.go @@ -162,7 +162,7 @@ func (r *JMeterRunner) Run(ctx context.Context, execution testkube.Execution) (r args[i] = os.ExpandEnv(args[i]) } - output.PrintLogf("%s Using arguments: %v", ui.IconWorld, args) + output.PrintLogf("%s Using arguments: %v", ui.IconWorld, envManager.ObfuscateStringSlice(args)) entryPoint := getEntryPoint() for i := range execution.Command { @@ -173,7 +173,7 @@ func (r *JMeterRunner) Run(ctx context.Context, execution testkube.Execution) (r command, args := executor.MergeCommandAndArgs(execution.Command, args) // run JMeter inside repo directory ignore execution error in case of failed test - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) out, err := executor.Run(runPath, command, envManager, args...) if err != nil { return *result.WithErrors(errors.Errorf("jmeter run error: %v", err)), nil diff --git a/contrib/executor/jmeterd/pkg/runner/runner.go b/contrib/executor/jmeterd/pkg/runner/runner.go index 3debcc041a..cf15fc0943 100644 --- a/contrib/executor/jmeterd/pkg/runner/runner.go +++ b/contrib/executor/jmeterd/pkg/runner/runner.go @@ -209,7 +209,7 @@ func (r *JMeterDRunner) Run(ctx context.Context, execution testkube.Execution) ( args[i] = os.ExpandEnv(args[i]) } - output.PrintLogf("%s Using arguments: %v", ui.IconWorld, args) + output.PrintLogf("%s Using arguments: %v", ui.IconWorld, envManager.ObfuscateStringSlice(args)) entryPoint := getEntryPoint() for i := range execution.Command { @@ -220,7 +220,7 @@ func (r *JMeterDRunner) Run(ctx context.Context, execution testkube.Execution) ( command, args := executor.MergeCommandAndArgs(execution.Command, args) // run JMeter inside repo directory ignore execution error in case of failed test - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) out, err := executor.Run(runPath, command, envManager, args...) if err != nil { return *result.WithErrors(errors.Errorf("jmeter run error: %v", err)), nil diff --git a/contrib/executor/k6/pkg/runner/runner.go b/contrib/executor/k6/pkg/runner/runner.go index e12f4cc78c..24037cf8fe 100644 --- a/contrib/executor/k6/pkg/runner/runner.go +++ b/contrib/executor/k6/pkg/runner/runner.go @@ -170,7 +170,7 @@ func (r *K6Runner) Run(ctx context.Context, execution testkube.Execution) (resul } command, args := executor.MergeCommandAndArgs(execution.Command, args) - outputPkg.PrintEvent("Running", directory, command, args) + outputPkg.PrintEvent("Running", directory, command, envManager.ObfuscateStringSlice(args)) runPath := directory if execution.Content.Repository != nil && execution.Content.Repository.WorkingDir != "" { runPath = filepath.Join(directory, execution.Content.Repository.WorkingDir) diff --git a/contrib/executor/kubepug/pkg/runner/runner.go b/contrib/executor/kubepug/pkg/runner/runner.go index 58cdaf7813..71f97bc3a8 100644 --- a/contrib/executor/kubepug/pkg/runner/runner.go +++ b/contrib/executor/kubepug/pkg/runner/runner.go @@ -77,13 +77,13 @@ func (r *KubepugRunner) Run(ctx context.Context, execution testkube.Execution) ( return testkube.ExecutionResult{}, fmt.Errorf("could not build up parameters: %w", err) } - output.PrintLogf("%s Running kubepug with arguments: %v", ui.IconWorld, args) envManager := env.NewManagerWithVars(execution.Variables) envManager.GetReferenceVars(envManager.Variables) + output.PrintLogf("%s Running kubepug with arguments: %v", ui.IconWorld, envManager.ObfuscateStringSlice(args)) runPath := workingDir command, args := executor.MergeCommandAndArgs(execution.Command, args) - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) out, err := executor.Run(runPath, command, envManager, args...) out = envManager.ObfuscateSecrets(out) if err != nil { diff --git a/contrib/executor/maven/pkg/runner/runner.go b/contrib/executor/maven/pkg/runner/runner.go index 7ae511e2e4..1af456d4d0 100644 --- a/contrib/executor/maven/pkg/runner/runner.go +++ b/contrib/executor/maven/pkg/runner/runner.go @@ -163,7 +163,7 @@ func (r *MavenRunner) Run(ctx context.Context, execution testkube.Execution) (re args[i] = os.ExpandEnv(args[i]) } - outputPkg.PrintEvent("Running goal: "+goal, mavenHome, mavenCommand, args) + outputPkg.PrintEvent("Running goal: "+goal, mavenHome, mavenCommand, envManager.ObfuscateStringSlice(args)) output, err := executor.Run(runPath, mavenCommand, envManager, args...) output = envManager.ObfuscateSecrets(output) diff --git a/contrib/executor/playwright/pkg/runner/playwright.go b/contrib/executor/playwright/pkg/runner/playwright.go index a9162da935..3a975391b9 100644 --- a/contrib/executor/playwright/pkg/runner/playwright.go +++ b/contrib/executor/playwright/pkg/runner/playwright.go @@ -105,7 +105,7 @@ func (r *PlaywrightRunner) Run(ctx context.Context, execution testkube.Execution envManager.GetReferenceVars(envManager.Variables) command, args := executor.MergeCommandAndArgs(execution.Command, args) - output.PrintEvent("Running", runPath, command, args) + output.PrintEvent("Running", runPath, command, envManager.ObfuscateStringSlice(args)) out, runErr := executor.Run(runPath, command, envManager, args...) out = envManager.ObfuscateSecrets(out) diff --git a/contrib/executor/postman/pkg/runner/newman/newman.go b/contrib/executor/postman/pkg/runner/newman/newman.go index 9bcd46eaf5..83818c7253 100644 --- a/contrib/executor/postman/pkg/runner/newman/newman.go +++ b/contrib/executor/postman/pkg/runner/newman/newman.go @@ -142,7 +142,7 @@ func (r *NewmanRunner) Run(ctx context.Context, execution testkube.Execution) (r // we'll get error here in case of failed test too so we treat this as // starter test execution with failed status command, args := executor.MergeCommandAndArgs(execution.Command, args) - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) out, err := executor.Run(runPath, command, envManager, args...) out = envManager.ObfuscateSecrets(out) diff --git a/contrib/executor/soapui/pkg/runner/runner.go b/contrib/executor/soapui/pkg/runner/runner.go index 3bd43d6be9..52e934fdd1 100644 --- a/contrib/executor/soapui/pkg/runner/runner.go +++ b/contrib/executor/soapui/pkg/runner/runner.go @@ -146,7 +146,8 @@ func (r *SoapUIRunner) runSoapUI(execution *testkube.Execution, workingDir strin runPath := workingDir command, args := executor.MergeCommandAndArgs(execution.Command, nil) - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, strings.Join(execution.Command, " "), strings.Join(execution.Args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, strings.Join(execution.Command, " "), + strings.Join(envManager.ObfuscateStringSlice(execution.Args), " ")) output, err := executor.Run(runPath, command, envManager, args...) output = envManager.ObfuscateSecrets(output) if err != nil { diff --git a/contrib/executor/tracetest/pkg/runner/runner.go b/contrib/executor/tracetest/pkg/runner/runner.go index d093b42d74..e047d6c72e 100644 --- a/contrib/executor/tracetest/pkg/runner/runner.go +++ b/contrib/executor/tracetest/pkg/runner/runner.go @@ -79,12 +79,12 @@ func (r *TracetestRunner) Run(ctx context.Context, execution testkube.Execution) output.PrintLogf("%s Could not build up parameters: %s", ui.IconCross, err.Error()) return testkube.ExecutionResult{}, fmt.Errorf("could not build up parameters: %w", err) } - output.PrintLogf("%s Using arguments: %v", ui.IconWorld, args) + output.PrintLogf("%s Using arguments: %v", ui.IconWorld, envManager.ObfuscateStringSlice(args)) command, args := executor.MergeCommandAndArgs(execution.Command, args) // Run tracetest test from definition file - output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(args, " ")) + output.PrintLogf("%s Test run command %s %s", ui.IconRocket, command, strings.Join(envManager.ObfuscateStringSlice(args), " ")) output, err := executor.Run("", command, envManager, args...) runResult := model.Result{Output: string(output), ServerEndpoint: te, OutputEndpoint: toe} diff --git a/contrib/executor/zap/pkg/runner/runner.go b/contrib/executor/zap/pkg/runner/runner.go index df2d6d057f..b8145e3577 100644 --- a/contrib/executor/zap/pkg/runner/runner.go +++ b/contrib/executor/zap/pkg/runner/runner.go @@ -102,16 +102,17 @@ func (r *ZapRunner) Run(ctx context.Context, execution testkube.Execution) (resu if err != nil { return *result.WithErrors(err), nil } - args := zapArgs(scanType, options, reportFile) - output.PrintLogf("%s Reading execution arguments", ui.IconWorld) - args = MergeArgs(args, reportFile, execution) - output.PrintLogf("%s Arguments are ready: %s", ui.IconCheckMark, args) output.PrintLogf("%s Preparing variables", ui.IconWorld) envManager := env.NewManagerWithVars(execution.Variables) envManager.GetReferenceVars(envManager.Variables) output.PrintLogf("%s Variables are prepared", ui.IconCheckMark) + args := zapArgs(scanType, options, reportFile) + output.PrintLogf("%s Reading execution arguments", ui.IconWorld) + args = MergeArgs(args, reportFile, execution) + output.PrintLogf("%s Arguments are ready: %s", ui.IconCheckMark, envManager.ObfuscateStringSlice(args)) + // when using file based ZAP parameters it expects a /zap/wrk directory // we simply symlink the directory os.Symlink(workingDir, filepath.Join(r.ZapHome, "wrk")) diff --git a/pkg/executor/env/manager.go b/pkg/executor/env/manager.go index bb986e4f88..1869698904 100644 --- a/pkg/executor/env/manager.go +++ b/pkg/executor/env/manager.go @@ -38,6 +38,8 @@ type Interface interface { GetReferenceVars(variables map[string]testkube.Variable) // ObfuscateSecrets obfuscates secret values ObfuscateSecrets(p []byte) []byte + // ObfuscateStringSlice obfuscates string slice values + ObfuscateStringSlice(values []string) []string } // NewManager returns an implementation of the Manager @@ -285,3 +287,25 @@ func (m Manager) ObfuscateSecrets(p []byte) []byte { return p } + +// ObfuscateStringSlice obfuscates string slice values +func (m Manager) ObfuscateStringSlice(values []string) []string { + if m.Variables == nil { + return values + } + + var results []string + for _, value := range values { + for _, variable := range m.Variables { + if !variable.IsSecret() { + continue + } + + value = strings.ReplaceAll(value, variable.Value, strings.Repeat("*", len(variable.Value))) + } + + results = append(results, value) + } + + return results +}