review improve

Author: andrzej-janczak

cmd/root.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"codacy/cli-v2/config"
 	"codacy/cli-v2/utils/logger"
@@ -42,14 +43,7 @@ var rootCmd = &cobra.Command{
 		})
 
 		// Create a masked version of the full command for logging
-		maskedArgs := make([]string, len(os.Args))
-		copy(maskedArgs, os.Args)
-		for i, arg := range maskedArgs {
-			if i > 0 && (arg == "--api-token" || arg == "--repository-token" ||
-				arg == "--project-token" || arg == "--codacy-api-token") && i < len(maskedArgs)-1 {
-				maskedArgs[i+1] = "***"
-			}
-		}
+		maskedArgs := maskSensitiveArgs(os.Args)
 
 		// Log the command being executed with its arguments and flags
 		logger.Info("Executing CLI command", logrus.Fields{
@@ -156,3 +150,37 @@ Use "{{.CommandPath}} [command] --help" for more information about a command.{{e
 https://github.com/codacy/codacy-cli-v2
 `)
 }
+
+// maskSensitiveArgs creates a copy of the arguments with sensitive values masked
+func maskSensitiveArgs(args []string) []string {
+	maskedArgs := make([]string, len(args))
+	copy(maskedArgs, args)
+
+	sensitiveFlags := map[string]bool{
+		"--api-token":        true,
+		"--repository-token": true,
+		"--project-token":    true,
+		"--codacy-api-token": true,
+	}
+
+	for i, arg := range maskedArgs {
+		// Skip the first argument (program name)
+		if i == 0 {
+			continue
+		}
+
+		// Handle --flag=value format
+		for flag := range sensitiveFlags {
+			if strings.HasPrefix(arg, flag+"=") {
+				maskedArgs[i] = flag + "=***"
+				break
+			}
+		}
+
+		// Handle --flag value format
+		if sensitiveFlags[arg] && i < len(maskedArgs)-1 {
+			maskedArgs[i+1] = "***"
+		}
+	}
+	return maskedArgs
+}

cmd/root_test.go

@@ -0,0 +1,73 @@
+package cmd
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestMaskSensitiveArgs(t *testing.T) {
+	tests := []struct {
+		name     string
+		args     []string
+		expected []string
+	}{
+		{
+			name:     "no sensitive flags",
+			args:     []string{"codacy-cli", "analyze", "--tool", "eslint"},
+			expected: []string{"codacy-cli", "analyze", "--tool", "eslint"},
+		},
+		{
+			name:     "api token with space",
+			args:     []string{"codacy-cli", "init", "--api-token", "secret123", "--tool", "eslint"},
+			expected: []string{"codacy-cli", "init", "--api-token", "***", "--tool", "eslint"},
+		},
+		{
+			name:     "api token with equals",
+			args:     []string{"codacy-cli", "init", "--api-token=secret123", "--tool", "eslint"},
+			expected: []string{"codacy-cli", "init", "--api-token=***", "--tool", "eslint"},
+		},
+		{
+			name:     "repository token at end with space",
+			args:     []string{"codacy-cli", "init", "--repository-token", "secret123"},
+			expected: []string{"codacy-cli", "init", "--repository-token", "***"},
+		},
+		{
+			name:     "repository token at end with equals",
+			args:     []string{"codacy-cli", "init", "--repository-token=secret123"},
+			expected: []string{"codacy-cli", "init", "--repository-token=***"},
+		},
+		{
+			name:     "project token at start with space",
+			args:     []string{"codacy-cli", "--project-token", "secret123", "analyze"},
+			expected: []string{"codacy-cli", "--project-token", "***", "analyze"},
+		},
+		{
+			name:     "project token at start with equals",
+			args:     []string{"codacy-cli", "--project-token=secret123", "analyze"},
+			expected: []string{"codacy-cli", "--project-token=***", "analyze"},
+		},
+		{
+			name:     "multiple tokens mixed format",
+			args:     []string{"codacy-cli", "--api-token=secret1", "--project-token", "secret2"},
+			expected: []string{"codacy-cli", "--api-token=***", "--project-token", "***"},
+		},
+		{
+			name:     "token flag at end without value",
+			args:     []string{"codacy-cli", "analyze", "--api-token"},
+			expected: []string{"codacy-cli", "analyze", "--api-token"},
+		},
+		{
+			name:     "empty value after equals",
+			args:     []string{"codacy-cli", "--api-token="},
+			expected: []string{"codacy-cli", "--api-token=***"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			masked := maskSensitiveArgs(tt.args)
+			assert.Equal(t, tt.expected, masked, "masked arguments should match expected")
+		})
+	}
+}