Orange-OpenSource · hurl-bot · Dec 18, 2024 · Dec 18, 2024
diff --git a/integration/hurl/tests_failed/secret_overridden.err b/integration/hurl/tests_failed/secret_overridden.err
@@ -0,0 +1,9 @@
+error: Readonly secret
+  --> tests_failed/secret_overridden.hurl:6:11
+   |
+   | GET http://localhost:8000/hello
+   | ...
+ 6 | variable: name=a_public_value
+   |           ^^^^^^^^^^^^^^^^^^^ secret 'name' can't be reassigned
+   |
+
diff --git a/integration/hurl/tests_failed/secret_overridden.exit b/integration/hurl/tests_failed/secret_overridden.exit
@@ -0,0 +1 @@
+3
diff --git a/integration/hurl/tests_failed/secret_overridden.hurl b/integration/hurl/tests_failed/secret_overridden.hurl
@@ -0,0 +1,7 @@
+# We check that variable can't override secret because a secret becoming
+# a public variable will leak it previous secret value.
+GET http://localhost:8000/hello
+x-header: a_secret_value
+[Options]
+variable: name=a_public_value
+HTTP 200
diff --git a/integration/hurl/tests_failed/secret_overridden.ps1 b/integration/hurl/tests_failed/secret_overridden.ps1
@@ -0,0 +1,4 @@
+Set-StrictMode -Version latest
+$ErrorActionPreference = 'Stop'
+
+hurl --secret name=a_secret_value tests_failed/secret_overridden.hurl
diff --git a/integration/hurl/tests_failed/secret_overridden.sh b/integration/hurl/tests_failed/secret_overridden.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+hurl --secret name=a_secret_value tests_failed/secret_overridden.hurl
diff --git a/packages/hurl/src/cli/options/matches.rs b/packages/hurl/src/cli/options/matches.rs
@@ -408,15 +408,17 @@ pub fn retry_interval(arg_matches: &ArgMatches) -> Result<Duration, CliOptionsEr
     get_duration(&s, DurationUnit::MilliSecond)
 }
 
-pub fn secret(matches: &ArgMatches) -> Result<HashMap<String, Value>, CliOptionsError> {
+pub fn secret(matches: &ArgMatches) -> Result<HashMap<String, String>, CliOptionsError> {
     let mut secrets = HashMap::new();
     if let Some(secret) = get_strings(matches, "secret") {
         for s in secret {
             let (name, value) = variables::parse(&s)?;
-            secrets.insert(name.to_string(), value);
+            // Secrets can only be string.
+            if let Value::String(value) = value {
+                secrets.insert(name, value);
+            }
         }
     }
-
     Ok(secrets)
 }
 

diff --git a/packages/hurl/src/cli/options/mod.rs b/packages/hurl/src/cli/options/mod.rs
@@ -90,7 +90,7 @@ pub struct CliOptions {
     pub resolves: Vec<String>,
     pub retry: Option<Count>,
     pub retry_interval: Duration,
-    pub secrets: HashMap<String, Value>,
+    pub secrets: HashMap<String, String>,
     pub ssl_no_revoke: bool,
     pub tap_file: Option<PathBuf>,
     pub test: bool,

diff --git a/packages/hurl/src/runner/variable.rs b/packages/hurl/src/runner/variable.rs
@@ -108,15 +108,17 @@ impl VariableSet {
             return Err(Error::ReadOnlySecret(name));
         }
         let variable = Variable::new(value, VariableKind::Public);
-        self.variables.insert(name.to_string(), variable);
+        self.variables.insert(name, variable);
         Ok(())
     }
 
-    /// Inserts a secret variable named `name` with `value` into the variable set.
+    /// Inserts a secret variable named `name` with a string `value` into the variable set.
     ///
     /// Contrary to [`VariableSet::insert`], this method can not fail: a secret can override a
-    /// public variable and a secret variable.
-    pub fn insert_secret(&mut self, name: String, value: Value) {
+    /// public variable and a secret variable. Secret are only string, that's why `value` is a
+    /// `String` and not a `[Value::String]`.
+    pub fn insert_secret(&mut self, name: String, value: String) {
+        let value = Value::String(value.to_string());
         let variable = Variable::new(value, VariableKind::Secret);
         self.variables.insert(name, variable);
     }
@@ -126,20 +128,10 @@ impl VariableSet {
         self.variables.get(name)
     }
 
-    /// Returns true if the variable set contains no variables.
-    pub fn is_empty(&self) -> bool {
-        self.variables.is_empty()
-    }
-
     /// Returns an iterator over all the variables values.
     pub fn iter(&self) -> impl Iterator<Item = (&String, &Variable)> {
         self.variables.iter()
     }
-
-    /// Returns the number of variables in the set.
-    pub fn len(&self) -> usize {
-        self.variables.len()
-    }
 }
 
 #[cfg(test)]
@@ -151,7 +143,6 @@ mod test {
     #[test]
     fn simple_variable_set() {
         let mut variables = VariableSet::new();
-        assert!(variables.is_empty());
 
         variables
             .insert("foo".to_string(), Value::String("xxx".to_string()))
@@ -165,9 +156,7 @@ mod test {
         variables
             .insert("baz".to_string(), Value::Number(Float(1.0)))
             .unwrap();
-        variables.insert_secret("quic".to_string(), Value::Number(Integer(42)));
-
-        assert_eq!(variables.len(), 4);
+        variables.insert_secret("quic".to_string(), "42".to_string());
 
         assert_eq!(
             variables.get("foo"),
@@ -191,7 +180,7 @@ mod test {
         assert_eq!(
             variables.get("quic"),
             Some(&Variable::new(
-                Value::Number(Integer(42)),
+                Value::String("42".to_string()),
                 VariableKind::Secret
             ))
         );
@@ -232,7 +221,7 @@ mod test {
     #[test]
     fn secret_cant_be_reassigned() {
         let mut variables = VariableSet::new();
-        variables.insert_secret("foo".to_string(), Value::Number(Integer(42)));
+        variables.insert_secret("foo".to_string(), "42".to_string());
         assert!(variables
             .insert("foo".to_string(), Value::String("xxx".to_string()))
             .is_err());