fix(dev-infra): incorrect token sanitization when no token is specified (#37489)

We recently moved over the git client from the merge script to the
common dev-infra utils. This made specifying a token optional, but
it looks like the logic for sanitizing messages doesn't account
for that, and we currently add `<TOKEN>` between every message
character. e.g.

```
Executing: git <TOKEN>g<TOKEN>i<TOKEN>t<TOKEN>
<TOKEN>s<TOKEN>t<TOKEN>a<TOKEN>t<TOKEN>u<TOKEN>s<TOKEN>
```

PR Close #37489
Paul Gschwendtner 2020-06-05 23:32:42 +02:00 committed by atscott
parent 7301e70ddd
commit bb924b63e6
2 changed files with 25 additions and 7 deletions


@ -61,11 +61,21 @@ export class GitClient {
private _projectRoot = getRepoBaseDir(); private _projectRoot = getRepoBaseDir();
/** The OAuth scopes available for the provided Github token. */ /** The OAuth scopes available for the provided Github token. */
private _oauthScopes: Promise<string[]>|null = null; private _oauthScopes: Promise<string[]>|null = null;
/** Regular expression that matches the provided Github token. */ /**
private _tokenRegex = new RegExp(this._githubToken, 'g'); * Regular expression that matches the provided Github token. Used for
* sanitizing the token from Git child process output.
*/
private _githubTokenRegex: RegExp|null = null;
constructor( constructor(
private _githubToken = '', private _config: Pick<NgDevConfig, 'github'> = getConfig()) { private _githubToken?: string, private _config: Pick<NgDevConfig, 'github'> = getConfig()) {
// If a token has been specified (and is not empty), pass it to the Octokit API and
// also create a regular expression that can be used for sanitizing Git command output
// so that it does not print the token accidentally.
if (_githubToken != null) {
this._githubTokenRegex = new RegExp(_githubToken, 'g');
}
this.api = new Octokit({auth: _githubToken}); this.api = new Octokit({auth: _githubToken});
this.api.hook.error('request', error => { this.api.hook.error('request', error => {
// Wrap API errors in a known error class. This allows us to // Wrap API errors in a known error class. This allows us to
@ -137,7 +147,12 @@ export class GitClient {
/** Sanitizes a given message by omitting the provided Github token if present. */ /** Sanitizes a given message by omitting the provided Github token if present. */
omitGithubTokenFromMessage(value: string): string { omitGithubTokenFromMessage(value: string): string {
return value.replace(this._tokenRegex, '<TOKEN>'); // If no token has been defined (i.e. no token regex), we just return the
// value as is. There is no secret value that needs to be omitted.
if (this._githubTokenRegex === null) {
return value;
}
return value.replace(this._githubTokenRegex, '<TOKEN>');
} }
/** /**
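Review bot: The constructor guard `if (_githubToken != null)` still lets an empty string through, although the comment above it says "(and is not empty)". `new RegExp('', 'g')` matches at every position, so a caller that passes `''` (for example from an unset environment variable) gets the same `<TOKEN>`-between-every-character output this commit is meant to fix; `if (_githubToken) {` would match the comment. Separately, the token is used as a regular-expression pattern without escaping. GitHub tokens are normally plain alphanumerics, but a value containing a metacharacter could throw in the constructor or fail to match and leave the secret in the log, so escaping it first or replacing via `value.split(token).join('<TOKEN>')` is the safer form. The constructor body continues outside the hunk.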


@ -8,7 +8,10 @@
import {exec as _exec, ExecOptions, ShellString} from 'shelljs'; import {exec as _exec, ExecOptions, ShellString} from 'shelljs';
/* Run an exec command as silent. */ /**
export function exec(cmd: string, opts?: ExecOptions&{async?: false}): ShellString { * Runs an given command as child process. By default, child process
return _exec(cmd, {silent: true, ...opts}); * output will not be printed.
*/
export function exec(cmd: string, opts?: Omit<ExecOptions, 'async'>): ShellString {
return _exec(cmd, {silent: true, ...opts, async: false});
} }
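Review bot: The new doc comment on `exec` has a typo ("Runs an given command as child process") and does not mention the behavioural part of this change, that `async: false` is applied after the spread and therefore always wins. I would word it as `Runs a given command synchronously as a child process. Output is not printed unless the caller overrides "silent".` Because shelljs passes `cmd` to a shell as a single string, the comment is also the place to state that callers must not interpolate unvalidated values into it. It is also worth a line noting that output returned from here is not passed through `omitGithubTokenFromMessage`, so callers that log it are responsible for redaction.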