From 9995950c70e849f9921919faffbfcf46401f71f3 Mon Sep 17 00:00:00 2001
From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Fri, 3 Feb 2023 13:06:14 -0500
Subject: [PATCH] fix: update config struct to not decode password/key (#1538)
* fix: update config struct to not decode password/key
* test: update tests to confirm no secrets in output
Signed-off-by: Christopher Phillips
---------
Signed-off-by: Christopher Phillips
---
 internal/config/attest.go | 5 +++--
 test/cli/packages_cmd_test.go | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/internal/config/attest.go b/internal/config/attest.go
index f0493d7bfce5..659c7d3ed7fc 100644
--- a/internal/config/attest.go
+++ b/internal/config/attest.go
@@ -3,8 +3,9 @@ package config
 import "github.com/spf13/viper"
 type attest struct {
- Key string `yaml:"key" json:"key" mapstructure:"key"`
- Password string `yaml:"password" json:"password" mapstructure:"password"`
+ // IMPORTANT: do not show the attestation key/password in any YAML/JSON output (sensitive information)
+ Key string `yaml:"-" json:"-" mapstructure:"key"`
+ Password string `yaml:"-" json:"-" mapstructure:"password"`
 }
 func (cfg attest) loadDefaultValues(v *viper.Viper) {
diff --git a/test/cli/packages_cmd_test.go b/test/cli/packages_cmd_test.go
index 6a768dcdb209..20ec9fa7e417 100644
--- a/test/cli/packages_cmd_test.go
+++ b/test/cli/packages_cmd_test.go
@@ -229,6 +229,20 @@ func TestPackagesCmdFlags(t *testing.T) {
 assertSuccessfulReturnCode,
 },
 },
+ { name: "password and key not in config output", args: []string{"packages", "-vvv", "-o", "json", coverageImage}, env: map[string]string{ "SYFT_ATTEST_PASSWORD": "secret_password", "SYFT_ATTEST_KEY": "secret_key_path", }, assertions: []traitAssertion{ assertNotInOutput("secret_password"), assertNotInOutput("secret_key_path"), assertPackageCount(34), assertSuccessfulReturnCode, }, }, } for _, test := range tests {
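Review bot: The `yaml:"-"` / `json:"-"` tags on `Key` and `Password` in the `attest` struct only govern the encoding/json and yaml marshalers; a fmt-based dump (`%+v`, `%#v`) or any reflection-based pretty-printer still prints both fields, so the secrets reappear if the config is ever logged that way. Consider giving `attest` a `String()` method that redacts both values so every formatting path is covered, or at minimum widen the new comment to state the boundary: `// IMPORTANT: yaml/json "-" hides these from marshalled config output only; mapstructure still loads them from viper, and fmt %+v would still print them`. Keeping `mapstructure:"key"` / `mapstructure:"password"` is what lets the values still be read from env/config, which the accompanying test relies on, so that part of the change looks right. The `loadDefaultValues` method opened at the end of the hunk continues outside it.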
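Review bot: The new "password and key not in config output" case asserts only that the secret values are absent, which passes vacuously if the verbose config dump is never emitted (for example if `-vvv` output is routed elsewhere or the dump is disabled), so it does not yet prove the redaction. Pair the two `assertNotInOutput` calls with a positive check that the config dump is actually present — that a neighbouring non-secret attest setting or the config section itself appears in the same output — so the test fails when the dump vanishes instead of silently passing. `assertPackageCount(34)` also ties this case to the current contents of `coverageImage`, which is consistent with the sibling cases but means the count must be updated together with the image.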