Remove masked secrets functionality from codebase

Author: cx-atish-jadhav

src/main/java/com/checkmarx/ast/secretsrealtime/MaskResult.java

@@ -80,5 +80,4 @@ public final class CxConstants {
     static final String SUB_CMD_IAC_REALTIME = "iac-realtime";
     static final String SUB_CMD_SECRETS_REALTIME = "secrets-realtime";
     static final String SUB_CMD_CONTAINERS_REALTIME = "containers-realtime";
-    static final String CMD_MASK_SECRETS = "mask";
 }

src/main/java/com/checkmarx/ast/secretsrealtime/MaskedSecret.java

@@ -6,7 +6,7 @@
 import com.checkmarx.ast.learnMore.LearnMore;
 import com.checkmarx.ast.ossrealtime.OssRealtimeResults;
 import com.checkmarx.ast.secretsrealtime.SecretsRealtimeResults;
-import com.checkmarx.ast.secretsrealtime.MaskResult;
+
 import com.checkmarx.ast.iacrealtime.IacRealtimeResults;
 import com.checkmarx.ast.containersrealtime.ContainersRealtimeResults;
 import com.checkmarx.ast.predicate.CustomState;
@@ -442,22 +442,7 @@ public SecretsRealtimeResults secretsRealtimeScan(@NonNull String sourcePath, St
         return realtimeScan(CxConstants.SUB_CMD_SECRETS_REALTIME, sourcePath, ignoredFilePath, SecretsRealtimeResults::fromLine);
     }
 
-    /**
-     * Executes mask secrets command to obfuscate/redact secrets in a file
-     * @param filePath path to the file to mask
-     * @return MaskResult containing masked secrets and masked file content
-     */
-    public MaskResult maskSecrets(@NonNull String filePath) throws IOException, InterruptedException, CxException {
-        this.logger.info("Executing 'mask' command using the CLI for file: {}", filePath);
 
-        List<String> arguments = new ArrayList<>();
-        arguments.add(CxConstants.CMD_MASK_SECRETS);
-        arguments.add(CxConstants.SOURCE);
-        arguments.add(filePath);
-
-        String output = Execution.executeCommand(withConfigArguments(arguments), logger, line -> line);
-        return MaskResult.fromJsonString(output);
-    }
 
     // Containers Realtime
     public ContainersRealtimeResults containersRealtimeScan(@NonNull String sourcePath, String ignoredFilePath)

src/main/java/com/checkmarx/ast/wrapper/CxConstants.java

@@ -2,8 +2,6 @@
 
 import com.checkmarx.ast.realtime.RealtimeLocation;
 import com.checkmarx.ast.secretsrealtime.SecretsRealtimeResults;
-import com.checkmarx.ast.secretsrealtime.MaskResult;
-import com.checkmarx.ast.secretsrealtime.MaskedSecret;
 import com.checkmarx.ast.wrapper.CxException;
 import org.junit.jupiter.api.*;
 
@@ -206,187 +204,6 @@ void secretsScanMultipleFileTypes() {
         }
     }
 
-    /* ------------------------------------------------------ */
-    /* Integration tests for Secrets Masking functionality    */
-    /* ------------------------------------------------------ */
-
-    /**
-     * Tests basic mask secrets functionality - successful case.
-     * Similar to the JavaScript test, verifies that the mask command returns proper MaskResult
-     * with masked secrets detected in a JSON file containing API keys and passwords.
-     */
-    @Test
-    @DisplayName("Mask secrets successful case - returns masked content")
-    void maskSecretsSuccessfulCase() throws Exception {
-        Assumptions.assumeTrue(isCliConfigured(), "PATH_TO_EXECUTABLE not configured - skipping integration test");
-        String secretsFile = "src/test/resources/secrets-test.json";
-        Assumptions.assumeTrue(Files.exists(Paths.get(secretsFile)), "Secrets test file not found - cannot test masking");
-
-        MaskResult result = wrapper.maskSecrets(secretsFile);
-
-        assertNotNull(result, "Mask result should not be null");
-        assertNotNull(result.getMaskedSecrets(), "Masked secrets list should be initialized");
-        assertNotNull(result.getMaskedFile(), "Masked file content should be provided");
-
-        // Expect at least one secret to be found in our test file
-        assertFalse(result.getMaskedSecrets().isEmpty(), "Should find masked secrets in test file");
-
-        // Verify structure of masked secrets
-        MaskedSecret firstSecret = result.getMaskedSecrets().get(0);
-        assertNotNull(firstSecret.getMasked(), "Masked value should be provided");
-        assertTrue(firstSecret.getLine() > 0, "Line number should be positive");
-
-        // Masked file should contain the original structure but with secrets redacted
-        assertFalse(result.getMaskedFile().trim().isEmpty(), "Masked file content should not be empty");
-        assertTrue(result.getMaskedFile().contains("{"), "Masked file should preserve JSON structure");
-    }
-
-    /**
-     * Tests mask functionality across different file types.
-     * Verifies that the mask command can handle various file extensions and formats
-     * without crashing and produces appropriate masked results.
-     */
-    @Test
-    @DisplayName("Mask secrets handles multiple file types correctly")
-    void maskSecretsMultipleFileTypes() {
-        Assumptions.assumeTrue(isCliConfigured(), "PATH_TO_EXECUTABLE not configured - skipping integration test");
-
-        String[] testFiles = {
-            "src/test/resources/python-vul-file.py",
-            "src/test/resources/csharp-file.cs"
-        };
-
-        for (String filePath : testFiles) {
-            if (Files.exists(Paths.get(filePath))) {
-                assertDoesNotThrow(() -> {
-                    MaskResult result = wrapper.maskSecrets(filePath);
-                    assertNotNull(result, "Mask result should not be null for file: " + filePath);
-                    assertNotNull(result.getMaskedSecrets(), "Masked secrets should be initialized for: " + filePath);
-                    assertNotNull(result.getMaskedFile(), "Masked file should not be null for: " + filePath);
-                }, "Mask command should handle file type gracefully: " + filePath);
-            }
-        }
-    }
-
-    /**
-     * Tests error handling when masking a non-existent file.
-     * Verifies that the mask command properly throws a CxException with meaningful error message
-     * when provided with invalid file paths.
-     */
-    @Test
-    @DisplayName("Mask secrets throws appropriate exception for non-existent file")
-    void maskSecretsHandlesInvalidPath() {
-        Assumptions.assumeTrue(isCliConfigured(), "PATH_TO_EXECUTABLE not configured - skipping integration test");
-
-        // Test with a non-existent file path
-        String invalidPath = "src/test/resources/NonExistentFile.py";
-
-        // The CLI should throw a CxException with a meaningful error message for invalid paths
-        CxException exception = assertThrows(CxException.class, () ->
-            wrapper.maskSecrets(invalidPath)
-        );
-
-        // Verify the exception contains information about the invalid file path
-        String errorMessage = exception.getMessage();
-        assertNotNull(errorMessage, "Exception should contain an error message");
-        assertTrue(errorMessage.contains("invalid file path") || errorMessage.contains("file") || errorMessage.contains("path"),
-                "Exception message should indicate the issue is related to file path: " + errorMessage);
-    }
-
-    /**
-     * Tests that masked file content differs from original when secrets are present.
-     * Verifies that the masking process actually modifies the file content to redact secrets.
-     */
-    @Test
-    @DisplayName("Masked file content differs from original when secrets exist")
-    void maskedContentDiffersFromOriginal() throws Exception {
-        Assumptions.assumeTrue(isCliConfigured(), "PATH_TO_EXECUTABLE not configured - skipping integration test");
-        String secretsFile = "src/test/resources/secrets-test.json";
-        Assumptions.assumeTrue(Files.exists(Paths.get(secretsFile)), "Secrets test file not found - cannot test content masking");
-
-        // Read original file content
-        String originalContent = Files.readString(Paths.get(secretsFile));
-
-        // Get masked content
-        MaskResult result = wrapper.maskSecrets(secretsFile);
-        assertNotNull(result, "Mask result should not be null");
-
-        String maskedContent = result.getMaskedFile();
-        assertNotNull(maskedContent, "Masked content should not be null");
-
-        // Since our test file contains secrets, the content should be different after masking
-        if (!result.getMaskedSecrets().isEmpty()) {
-            assertNotEquals(originalContent, maskedContent,
-                "Masked content should differ from original when secrets are present");
-
-            // Verify that original secrets are not present in masked content
-            assertFalse(maskedContent.contains("sk-1234567890abcdef1234567890abcdef"),
-                "Original API key should be masked in output");
-            assertFalse(maskedContent.contains("SuperSecret123!"),
-                "Original password should be masked in output");
-        }
-    }
-
-    /* ------------------------------------------------------ */
-    /* Unit tests for Mask JSON parsing functionality        */
-    /* ------------------------------------------------------ */
-
-    /**
-     * Tests MaskResult JSON parsing with valid mask command response.
-     * Verifies that well-formed mask JSON is correctly parsed into MaskResult objects.
-     */
-    @Test
-    @DisplayName("Valid mask JSON response parsing creates correct MaskResult")
-    void testMaskResultJsonParsing() {
-        String json = "{" +
-                "\"maskedSecrets\":[" +
-                "{\"masked\":\"****\",\"secret\":\"password123\",\"line\":5}," +
-                "{\"masked\":\"***\",\"secret\":\"key\",\"line\":10}" +
-                "]," +
-                "\"maskedFile\":\"const password = '****';\\nconst apiKey = '***';\"" +
-                "}";
-
-        MaskResult result = MaskResult.fromJsonString(json);
-
-        assertNotNull(result, "MaskResult should not be null");
-        assertEquals(2, result.getMaskedSecrets().size(), "Should parse 2 masked secrets");
-
-        MaskedSecret firstSecret = result.getMaskedSecrets().get(0);
-        assertEquals("****", firstSecret.getMasked());
-        assertEquals("password123", firstSecret.getSecret());
-        assertEquals(5, firstSecret.getLine());
-
-        MaskedSecret secondSecret = result.getMaskedSecrets().get(1);
-        assertEquals("***", secondSecret.getMasked());
-        assertEquals("key", secondSecret.getSecret());
-        assertEquals(10, secondSecret.getLine());
-
-        assertTrue(result.getMaskedFile().contains("const password = '****'"));
-        assertTrue(result.getMaskedFile().contains("const apiKey = '***'"));
-    }
-
-    /**
-     * Tests MaskResult parsing robustness with edge cases.
-     * Verifies that the parser gracefully handles various invalid input scenarios.
-     */
-    @Test
-    @DisplayName("MaskResult handles malformed JSON and edge cases gracefully")
-    void testMaskResultEdgeCases() {
-        // Blank/null inputs
-        assertNull(MaskResult.fromJsonString(""));
-        assertNull(MaskResult.fromJsonString("  "));
-        assertNull(MaskResult.fromJsonString(null));
-
-        // Invalid JSON structures
-        assertNull(MaskResult.fromJsonString("{"));
-        assertNull(MaskResult.fromJsonString("not a json"));
-
-        // Empty but valid JSON
-        MaskResult emptyResult = MaskResult.fromJsonString("{}");
-        assertNotNull(emptyResult);
-        assertTrue(emptyResult.getMaskedSecrets().isEmpty());
-        assertNotNull(emptyResult.getMaskedFile());
-    }
 
     /* ------------------------------------------------------ */
     /* Unit tests for JSON parsing robustness                */