initial commit [ci skip]
This commit is contained in:
Brad Rydzewski
56
engine/replacer/replacer.go
Normal file
56
engine/replacer/replacer.go
Normal file
@@ -0,0 +1,56 @@
|
||||
// Code generated automatically. DO NOT EDIT.
|
||||
|
||||
// Copyright 2019 Drone.IO Inc. All rights reserved.
|
||||
// Use of this source code is governed by the Polyform License
|
||||
// that can be found in the LICENSE file.
|
||||
|
||||
package replacer
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"strings"
|
||||
|
||||
"github.com/drone-runners/drone-runner-docker/engine"
|
||||
)
|
||||
|
||||
const maskedf = "[secret:%s]"
|
||||
|
||||
// Replacer is an io.Writer that finds and masks sensitive data.
|
||||
type Replacer struct {
|
||||
w io.WriteCloser
|
||||
r *strings.Replacer
|
||||
}
|
||||
|
||||
// New returns a replacer that wraps writer w.
|
||||
func New(w io.WriteCloser, secrets []*engine.Secret) io.WriteCloser {
|
||||
var oldnew []string
|
||||
for _, secret := range secrets {
|
||||
if len(secret.Data) == 0 || secret.Mask == false {
|
||||
continue
|
||||
}
|
||||
name := strings.ToLower(secret.Name)
|
||||
masked := fmt.Sprintf(maskedf, name)
|
||||
oldnew = append(oldnew, string(secret.Data))
|
||||
oldnew = append(oldnew, masked)
|
||||
}
|
||||
if len(oldnew) == 0 {
|
||||
return w
|
||||
}
|
||||
return &Replacer{
|
||||
w: w,
|
||||
r: strings.NewReplacer(oldnew...),
|
||||
}
|
||||
}
|
||||
|
||||
// Write writes p to the base writer. The method scans for any
|
||||
// sensitive data in p and masks before writing.
|
||||
func (r *Replacer) Write(p []byte) (n int, err error) {
|
||||
_, err = r.w.Write([]byte(r.r.Replace(string(p))))
|
||||
return len(p), err
|
||||
}
|
||||
|
||||
// Close closes the base writer.
|
||||
func (r *Replacer) Close() error {
|
||||
return r.w.Close()
|
||||
}
|
||||
56
engine/replacer/replacer_test.go
Normal file
56
engine/replacer/replacer_test.go
Normal file
@@ -0,0 +1,56 @@
|
||||
// Code generated automatically. DO NOT EDIT.
|
||||
|
||||
// Copyright 2019 Drone.IO Inc. All rights reserved.
|
||||
// Use of this source code is governed by the Polyform License
|
||||
// that can be found in the LICENSE file.
|
||||
|
||||
package replacer
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"testing"
|
||||
|
||||
"github.com/drone-runners/drone-runner-docker/engine"
|
||||
)
|
||||
|
||||
func TestReplace(t *testing.T) {
|
||||
secrets := []*engine.Secret{
|
||||
{Name: "DOCKER_USERNAME", Data: []byte("octocat"), Mask: false},
|
||||
{Name: "DOCKER_PASSWORD", Data: []byte("correct-horse-batter-staple"), Mask: true},
|
||||
{Name: "DOCKER_EMAIL", Data: []byte(""), Mask: true},
|
||||
}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
w := New(&nopCloser{buf}, secrets)
|
||||
w.Write([]byte("username octocat password correct-horse-batter-staple"))
|
||||
w.Close()
|
||||
|
||||
if got, want := buf.String(), "username octocat password [secret:docker_password]"; got != want {
|
||||
t.Errorf("Want masked string %s, got %s", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
// this test verifies that if there are no secrets to scan and
|
||||
// mask, the io.WriteCloser is returned as-is.
|
||||
func TestReplaceNone(t *testing.T) {
|
||||
secrets := []*engine.Secret{
|
||||
{Name: "DOCKER_USERNAME", Data: []byte("octocat"), Mask: false},
|
||||
{Name: "DOCKER_PASSWORD", Data: []byte("correct-horse-batter-staple"), Mask: false},
|
||||
}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
w := &nopCloser{buf}
|
||||
r := New(w, secrets)
|
||||
if w != r {
|
||||
t.Errorf("Expect buffer returned with no replacer")
|
||||
}
|
||||
}
|
||||
|
||||
type nopCloser struct {
|
||||
io.Writer
|
||||
}
|
||||
|
||||
func (*nopCloser) Close() error {
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user