chore: changes to clean raw input

Author: DmitryAnansky

packages/cli/src/__tests__/utils.test.ts

@@ -28,7 +28,7 @@ import { blue, red, yellow } from 'colorette';
 import { existsSync, statSync } from 'fs';
 import * as path from 'path';
 import * as process from 'process';
-import { ConfigApis } from '../types';
+import { CommandOptions, ConfigApis } from '../types';
 
 jest.mock('os');
 jest.mock('colorette');
@@ -592,9 +592,31 @@ describe('cleanRawInput', () => {
       '--config=fixtures/redocly.yaml',
       '--output',
       'fixtures',
+      '--client-cert',
+      'fixtures/client-cert.pem',
+      '--client-key',
+      'fixtures/client-key.pem',
+      '--ca-cert',
+      'fixtures/ca-cert.pem',
+      '--organization',
+      'my-org',
+      '--input',
+      'timeout=10000',
+      '--input',
+      '{"apiKey":"some=111=1111"}',
     ];
-    expect(cleanRawInput(rawInput)).toEqual(
-      'redocly bundle api-name@api-version file-yaml http://url --config=file-yaml --output folder'
+    expect(
+      cleanRawInput(rawInput, {
+        input: ['timeout=10000', '{"apiKey":"some=111=1111"}'],
+        organization: 'my-org',
+        'client-cert': 'fixtures/client-cert.pem',
+        'client-key': 'fixtures/client-key.pem',
+        'ca-cert': 'fixtures/ca-cert.pem',
+        config: 'fixtures/redocly.yaml',
+        output: 'fixtures',
+      } as CommandOptions)
+    ).toEqual(
+      'redocly bundle api-name@api-version file-yaml http://url --config=file-yaml --output folder --client-cert *** --client-key *** --ca-cert *** --organization *** --input *** --input ***'
     );
   });
   it('should preserve safe data from raw CLI input', () => {
@@ -608,7 +630,13 @@ describe('cleanRawInput', () => {
       '--skip-rule',
       'operation-4xx-response',
     ];
-    expect(cleanRawInput(rawInput)).toEqual(
+    expect(
+      cleanRawInput(rawInput, {
+        format: 'stylish',
+        extends: 'minimal',
+        'skip-rule': ['operation-4xx-response'],
+      } as CommandOptions)
+    ).toEqual(
       'redocly lint file-json --format stylish --extends=minimal --skip-rule operation-4xx-response'
     );
   });

packages/cli/src/utils/miscellaneous.ts

@@ -44,6 +44,8 @@ import type {
 import type { RawConfigProcessor } from '@redocly/openapi-core/lib/config';
 import type { Totals, Entrypoint, ConfigApis, CommandOptions, OutputExtensions } from '../types';
 
+const KEYS_TO_CLEAN = ['organization', 'o', 'input', 'i', 'client-cert', 'client-key', 'ca-cert'];
+
 export async function getFallbackApisOrExit(
   argsApis: string[] | undefined,
   config: ConfigApis
@@ -583,14 +585,16 @@ export async function sendTelemetry(
       exit_code,
       environment: process.env.REDOCLY_ENVIRONMENT,
       environment_ci: process.env.CI,
-      raw_input: cleanRawInput(process.argv.slice(2)),
+      raw_input: cleanRawInput(process.argv.slice(2), args),
       has_config: has_config ? 'yes' : 'no',
       spec_version,
       spec_keyword,
       spec_full_version,
     };
     const { otelTelemetry } = await import('../otel');
     otelTelemetry.init();
+    console.log('JSON.stringify(cleanArgs(args)),', JSON.stringify(cleanArgs(args)));
+    console.log('RAW_I', cleanRawInput(process.argv.slice(2), args));
     otelTelemetry.send(data.command, data);
   } catch (err) {
     // Do nothing.
@@ -627,7 +631,7 @@ function isDirectory(value: string) {
   return fs.existsSync(value) && fs.statSync(value).isDirectory();
 }
 
-function cleanString(value?: string): string | undefined {
+function cleanString(value: string): string | undefined {
   if (!value) {
     return value;
   }
@@ -647,11 +651,9 @@ function cleanString(value?: string): string | undefined {
 }
 
 export function cleanArgs(args: CommandOptions) {
-  const keysToClean = ['organization', 'o', 'input', 'i', 'client-cert', 'client-key', 'ca-cert'];
-
   const result: Record<string, unknown> = {};
   for (const [key, value] of Object.entries(args)) {
-    if (keysToClean.includes(key)) {
+    if (KEYS_TO_CLEAN.includes(key)) {
       result[key] = '***';
     } else if (typeof value === 'string') {
       result[key] = cleanString(value);
@@ -665,8 +667,29 @@ export function cleanArgs(args: CommandOptions) {
   return result;
 }
 
-export function cleanRawInput(argv: string[]) {
-  return argv.map((entry) => entry.split('=').map(cleanString).join('=')).join(' ');
+export function cleanRawInput(argv: string[], parsedArgs: CommandOptions) {
+  const stringsToMask: string[] = [];
+  for (const [key, value] of Object.entries(parsedArgs)) {
+    if (KEYS_TO_CLEAN.includes(key)) {
+      if (typeof value === 'string') {
+        stringsToMask.push(value);
+      } else if (Array.isArray(value)) {
+        stringsToMask.push(...value);
+      }
+    }
+  }
+
+  return argv
+    .map((entry) => {
+      for (const stringToMask of stringsToMask) {
+        if (entry.includes(stringToMask)) {
+          // Replace only the exact sensitive string with ***
+          return entry.replace(stringToMask, '***');
+        }
+      }
+      return entry.split('=').map(cleanString).join('=');
+    })
+    .join(' ');
 }
 
 export function checkForDeprecatedOptions<T>(argv: T, deprecatedOptions: Array<keyof T>) {