From 3f7a01af939560ceb1222bca97d1ca4bee1ed843 Mon Sep 17 00:00:00 2001
From: Tingluo Huang <tingluohuang@github.com>
Date: Tue, 21 Apr 2020 22:07:55 -0400
Subject: [PATCH] add secret masker for trimming double qoutes. (#440)

---
 src/Runner.Common/HostContext.cs           |  1 +
 src/Sdk/DTLogging/Logging/ValueEncoders.cs | 14 ++++++++++++++
 src/Test/L0/HostContextL0.cs               |  5 +++++
 3 files changed, 20 insertions(+)

diff --git a/src/Runner.Common/HostContext.cs b/src/Runner.Common/HostContext.cs
index 4da520913..b9a44fa2b 100644
--- a/src/Runner.Common/HostContext.cs
+++ b/src/Runner.Common/HostContext.cs
@@ -89,6 +89,7 @@ namespace GitHub.Runner.Common
             this.SecretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.UriDataEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.XmlDataEscape);
+            this.SecretMasker.AddValueEncoder(ValueEncoders.TrimDoubleQuotes);
 
             // Create the trace manager.
             if (string.IsNullOrEmpty(logFile))
diff --git a/src/Sdk/DTLogging/Logging/ValueEncoders.cs b/src/Sdk/DTLogging/Logging/ValueEncoders.cs
index 774787991..6a96c1720 100644
--- a/src/Sdk/DTLogging/Logging/ValueEncoders.cs
+++ b/src/Sdk/DTLogging/Logging/ValueEncoders.cs
@@ -60,6 +60,20 @@ namespace GitHub.DistributedTask.Logging
             return SecurityElement.Escape(value);
         }
 
+        public static String TrimDoubleQuotes(String value)
+        {
+            var trimmed = string.Empty;
+            if (!string.IsNullOrEmpty(value) &&
+                value.Length > 8 &&
+                value.StartsWith('"') &&
+                value.EndsWith('"'))
+            {
+                trimmed = value.Substring(1, value.Length - 2);
+            }
+
+            return trimmed;
+        }
+
         private static string Base64StringEscapeShift(String value, int shift)
         {
             var bytes = Encoding.UTF8.GetBytes(value);
diff --git a/src/Test/L0/HostContextL0.cs b/src/Test/L0/HostContextL0.cs
index 4b5bbf6d1..9e5c52901 100644
--- a/src/Test/L0/HostContextL0.cs
+++ b/src/Test/L0/HostContextL0.cs
@@ -85,6 +85,8 @@ namespace GitHub.Runner.Common.Tests
                 _hc.SecretMasker.AddValue("Pass word 123!");
                 _hc.SecretMasker.AddValue("Pass<word>123!");
                 _hc.SecretMasker.AddValue("Pass'word'123!");
+                _hc.SecretMasker.AddValue("\"Password123!!\"");
+                _hc.SecretMasker.AddValue("\"short\"");
 
                 // Assert.
                 Assert.Equal("123***123", _hc.SecretMasker.MaskSecrets("123Password123!123"));
@@ -99,6 +101,9 @@ namespace GitHub.Runner.Common.Tests
                 Assert.Equal("YWJjOlBh***", _hc.SecretMasker.MaskSecrets(Convert.ToBase64String(Encoding.UTF8.GetBytes($"abc:Password123!"))));
                 Assert.Equal("YWJjZDpQ***", _hc.SecretMasker.MaskSecrets(Convert.ToBase64String(Encoding.UTF8.GetBytes($"abcd:Password123!"))));
                 Assert.Equal("YWJjZGU6***", _hc.SecretMasker.MaskSecrets(Convert.ToBase64String(Encoding.UTF8.GetBytes($"abcde:Password123!"))));
+                Assert.Equal("123***123", _hc.SecretMasker.MaskSecrets("123Password123!!123"));
+                Assert.Equal("123short123", _hc.SecretMasker.MaskSecrets("123short123"));
+                Assert.Equal("123***123", _hc.SecretMasker.MaskSecrets("123\"short\"123"));
             }
             finally
             {