mask secrets with double-quotes when passed to docker command line (#1002)

2025-12-11 12:57:05 +00:00 · 2021-03-05 15:17:55 -06:00
parent af198237ca
commit 8109c962f0
2 changed files with 7 additions and 0 deletions
--- a/src/Runner.Common/HostContext.cs
+++ b/src/Runner.Common/HostContext.cs
@@ -84,6 +84,7 @@ namespace GitHub.Runner.Common
            this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscapeShift1);
            this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscapeShift2);
            this.SecretMasker.AddValueEncoder(ValueEncoders.CommandLineArgumentEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.ExpressionStringEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.UriDataEscape);
--- a/src/Sdk/DTLogging/Logging/ValueEncoders.cs
+++ b/src/Sdk/DTLogging/Logging/ValueEncoders.cs
@@ -37,6 +37,12 @@ namespace GitHub.DistributedTask.Logging
            return Base64StringEscapeShift(value, 2);
        }
        // Used when we pass environment variables to docker to escape " with \"
        public static String CommandLineArgumentEscape(String value)
        {
            return value.Replace("\"", "\\\"");
        }
        public static String ExpressionStringEscape(String value)
        {
            return Expressions2.Sdk.ExpressionUtility.StringEscape(value);