fix: process wrapper module now allows sanitising arguments

- args have a body, which is the actual argument string
- they also have a boolean indication for sanitising
- Skopeo now uses the new argument structure to sanitise credentials

Author: Shesekino

src/common/process.ts

@@ -1,10 +1,15 @@
 import { spawn, SpawnPromiseResult } from 'child-process-promise';
 import logger = require('./logger');
 
-export function exec(bin: string, ...args: string[]):
+export interface IProcessArgument {
+  body: string;
+  sanitise: boolean;
+}
+
+export function exec(bin: string, ...processArgs: IProcessArgument[]):
     Promise<SpawnPromiseResult> {
   if (process.env.DEBUG === 'true') {
-    args.push('--debug');
+    processArgs.push({body: '--debug', sanitise: false});
   }
 
   // Ensure we're not passing the whole environment to the shelled out process...
@@ -13,11 +18,12 @@ export function exec(bin: string, ...args: string[]):
     PATH: process.env.PATH,
   };
 
-  return spawn(bin, args, { env, capture: [ 'stdout', 'stderr' ] })
+  const allArguments = processArgs.map((arg) => arg.body);
+  return spawn(bin, allArguments, { env, capture: [ 'stdout', 'stderr' ] })
     .catch((error) => {
       const message = (error && error.stderr) || 'Unknown reason';
-      // TODO: sanitise args for secrets
-      logger.warn({message, bin, args}, 'could not spawn the process');
+      const loggableArguments = processArgs.filter((arg) => !arg.sanitise).map((arg) => arg.body);
+      logger.warn({message, bin, loggableArguments}, 'could not spawn the process');
       throw error;
     });
 }

src/images/skopeo.ts

@@ -1,11 +1,10 @@
 import { SpawnPromiseResult } from 'child-process-promise';
 
-import { exec } from '../common/process';
+import * as processWrapper from '../common/process';
 import * as config from'../common/config';
 import * as credentials from './credentials';
 import { SkopeoRepositoryType } from '../kube-scanner/types';
 
-
 function getUniqueIdentifier(): string {
   const [seconds, nanoseconds] = process.hrtime();
   return `${seconds}_${nanoseconds}`;
@@ -38,17 +37,20 @@ export async function pull(
   const creds = await credentials.getSourceCredentials(image);
   const credentialsParameters = getCredentialParameters(creds);
 
-  return exec('skopeo', 'copy', ...credentialsParameters,
-    prefixRespository(image, SkopeoRepositoryType.ImageRegistry),
-    prefixRespository(destination, SkopeoRepositoryType.DockerArchive),
-  );
+  const args: Array<processWrapper.IProcessArgument> = [];
+  args.push({body: 'copy', sanitise: false});
+  args.push(...credentialsParameters);
+  args.push({body: prefixRespository(image, SkopeoRepositoryType.ImageRegistry), sanitise: false});
+  args.push({body: prefixRespository(destination, SkopeoRepositoryType.DockerArchive), sanitise: false});
+
+  return processWrapper.exec('skopeo', ...args);
 }
 
-export function getCredentialParameters(credentials: string | undefined): Array<string> {
-  const credentialsParameters: Array<string> = [];
+export function getCredentialParameters(credentials: string | undefined): Array<processWrapper.IProcessArgument> {
+  const credentialsParameters: Array<processWrapper.IProcessArgument> = [];
   if (credentials) {
-    credentialsParameters.push('--src-creds');
-    credentialsParameters.push(credentials);
+    credentialsParameters.push({body: '--src-creds', sanitise: true});
+    credentialsParameters.push({body: credentials, sanitise: true});
   }
   return credentialsParameters;
 }

test/unit/skopeo.test.ts

@@ -15,7 +15,10 @@ tap.test('getCredentialParameters()', async (t) => {
   const credentialParametersForSomeCredentials = skopeo.getCredentialParameters(someCredentials);
   t.same(
     credentialParametersForSomeCredentials,
-    ['--src-creds', someCredentials],
+    [
+      {body: '--src-creds', sanitise: true},
+      {body: someCredentials, sanitise: true}
+    ],
     'returns Skopeo\'s args for source credentials',
   );
 });