mirror of
https://github.com/actions/runner.git
synced 2025-12-12 05:37:01 +00:00
Add masks for multiline secrets from ::add-mask:: (#1521)
* Add mask for multiline secrets. * .
This commit is contained in:
Tingluo Huang
@@ -381,6 +381,13 @@ namespace GitHub.Runner.Worker
|
||||
|
||||
HostContext.SecretMasker.AddValue(command.Data);
|
||||
Trace.Info($"Add new secret mask with length of {command.Data.Length}");
|
||||
|
||||
// Also add each individual line. Typically individual lines are processed from STDOUT of child processes.
|
||||
var split = command.Data.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
|
||||
foreach (var item in split)
|
||||
{
|
||||
HostContext.SecretMasker.AddValue(item);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,7 +24,8 @@ namespace GitHub.Runner.Worker
|
||||
private ManualResetEvent _completedCommand = new ManualResetEvent(false);
|
||||
|
||||
// Do not mask the values of these secrets
|
||||
private static HashSet<String> SecretVariableMaskWhitelist = new HashSet<String>(StringComparer.OrdinalIgnoreCase){
|
||||
private static HashSet<String> SecretVariableMaskWhitelist = new HashSet<String>(StringComparer.OrdinalIgnoreCase)
|
||||
{
|
||||
Constants.Variables.Actions.StepDebug,
|
||||
Constants.Variables.Actions.RunnerDebug
|
||||
};
|
||||
@@ -138,10 +139,10 @@ namespace GitHub.Runner.Worker
|
||||
HostContext.SecretMasker.AddValue(value);
|
||||
|
||||
// Also add each individual line. Typically individual lines are processed from STDOUT of child processes.
|
||||
var split = value.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
|
||||
var split = value.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
|
||||
foreach (var item in split)
|
||||
{
|
||||
HostContext.SecretMasker.AddValue(item.Trim());
|
||||
HostContext.SecretMasker.AddValue(item);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -418,6 +418,31 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public void AddMaskWithMultilineValue()
|
||||
{
|
||||
using (TestHostContext hc = CreateTestContext())
|
||||
{
|
||||
// Act
|
||||
_commandManager.TryProcessCommand(_ec.Object, $"::add-mask::abc%0Ddef%0Aghi%0D%0Ajkl", null);
|
||||
_commandManager.TryProcessCommand(_ec.Object, $"::add-mask:: %0D %0A %0D%0A %0D", null);
|
||||
|
||||
// Assert
|
||||
Assert.Equal("***", hc.SecretMasker.MaskSecrets("abc"));
|
||||
Assert.Equal("***", hc.SecretMasker.MaskSecrets("def"));
|
||||
Assert.Equal("***", hc.SecretMasker.MaskSecrets("ghi"));
|
||||
Assert.Equal("***", hc.SecretMasker.MaskSecrets("jkl"));
|
||||
Assert.Equal("***", hc.SecretMasker.MaskSecrets("abc\rdef\nghi\r\njkl"));
|
||||
Assert.Equal("", hc.SecretMasker.MaskSecrets(""));
|
||||
Assert.Equal(" ", hc.SecretMasker.MaskSecrets(" "));
|
||||
Assert.Equal(" ", hc.SecretMasker.MaskSecrets(" "));
|
||||
Assert.Equal(" ", hc.SecretMasker.MaskSecrets(" "));
|
||||
Assert.Equal(" ", hc.SecretMasker.MaskSecrets(" "));
|
||||
}
|
||||
}
|
||||
|
||||
private TestHostContext CreateTestContext([CallerMemberName] string testName = "")
|
||||
{
|
||||
var hostContext = new TestHostContext(this, testName);
|
||||
@@ -431,6 +456,7 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
new InternalPluginSetRepoPathCommandExtension(),
|
||||
new SetEnvCommandExtension(),
|
||||
new WarningCommandExtension(),
|
||||
new AddMaskCommandExtension(),
|
||||
};
|
||||
foreach (var command in commands)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user