From bea4db6ec72bfa89ac8114623f309e0bc0b31407 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vlado=20Paji=C4=87?= Date: Fri, 18 Apr 2025 18:36:44 +0200 Subject: [PATCH] add config redaction --- pkg/testcoverage/check.go | 8 ++++---- pkg/testcoverage/config.go | 19 +++++++++++++++++++ pkg/testcoverage/config_test.go | 30 ++++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 4 deletions(-) diff --git a/pkg/testcoverage/check.go b/pkg/testcoverage/check.go index be018858..301ffab1 100644 --- a/pkg/testcoverage/check.go +++ b/pkg/testcoverage/check.go @@ -12,13 +12,13 @@ import ( "github.com/vladopajic/go-test-coverage/v2/pkg/testcoverage/logger" ) -//nolint:maintidx // relax -func Check(wout io.Writer, cfg Config) (bool, error) { +//nolint:maintidx,nonamedreturns // relax +func Check(wout io.Writer, cfg Config) (pass bool, err error) { buffer := &bytes.Buffer{} w := bufio.NewWriter(buffer) //nolint:errcheck // relax defer func() { - if cfg.Debug { + if cfg.Debug || err != nil { wout.Write(logger.Bytes()) wout.Write([]byte("-------------------------\n\n")) } @@ -33,7 +33,7 @@ func Check(wout io.Writer, cfg Config) (bool, error) { } logger.L.Info().Msg("running check...") - logger.L.Info().Any("config", cfg).Msg("using configuration") + logger.L.Info().Any("config", cfg.Redacted()).Msg("using configuration") currentStats, err := GenerateCoverageStats(cfg) if err != nil { diff --git a/pkg/testcoverage/config.go b/pkg/testcoverage/config.go index 7a89fc99..fc245e0b 100644 --- a/pkg/testcoverage/config.go +++ b/pkg/testcoverage/config.go @@ -13,6 +13,8 @@ import ( "github.com/vladopajic/go-test-coverage/v2/pkg/testcoverage/badgestorer" ) +const HiddenValue = "***" + var ( ErrThresholdNotInRange = errors.New("threshold must be in range [0 - 100]") ErrCoverageProfileNotSpecified = errors.New("coverage profile file not specified") @@ -60,6 +62,23 @@ type Badge struct { Git badgestorer.Git } +//nolint:wsl,mnd // relax +func (c Config) Redacted() Config { + r := c + + if r.Badge.CDN.Key != "" { + r.Badge.CDN.Key = r.Badge.CDN.Key[0:min(len(r.Badge.CDN.Key), 5)] + HiddenValue + } + if r.Badge.CDN.Secret != "" { + r.Badge.CDN.Secret = HiddenValue + } + if r.Badge.Git.Token != "" { + r.Badge.Git.Token = HiddenValue + } + + return r +} + func (c Config) Validate() error { validateRegexp := func(s string) error { _, err := regexp.Compile("(?i)" + s) diff --git a/pkg/testcoverage/config_test.go b/pkg/testcoverage/config_test.go index 24a686f0..d4f1bceb 100644 --- a/pkg/testcoverage/config_test.go +++ b/pkg/testcoverage/config_test.go @@ -12,6 +12,36 @@ import ( const nonEmptyStr = "any" +func Test_Config_Redacted(t *testing.T) { + t.Parallel() + + cfg := newValidCfg() + cfg.Badge.Git.Token = nonEmptyStr + cfg.Badge.CDN.Secret = nonEmptyStr + cfg.Badge.CDN.Key = nonEmptyStr + + r := cfg.Redacted() + + // redacted should not be equal to original + assert.NotEqual(t, cfg, r) + + // original should not change + assert.Equal(t, nonEmptyStr, cfg.Badge.Git.Token) + assert.Equal(t, nonEmptyStr, cfg.Badge.CDN.Secret) + assert.Equal(t, nonEmptyStr, cfg.Badge.CDN.Key) + + // redacted should have hidden values + assert.Equal(t, HiddenValue, r.Badge.Git.Token) + assert.Equal(t, HiddenValue, r.Badge.CDN.Secret) + assert.Equal(t, nonEmptyStr+HiddenValue, r.Badge.CDN.Key) + + // redacted config of empty field should not do anything + r = Config{}.Redacted() + assert.Empty(t, r.Badge.Git.Token) + assert.Empty(t, r.Badge.CDN.Secret) + assert.Empty(t, r.Badge.CDN.Key) +} + func Test_Config_Validate(t *testing.T) { t.Parallel()