From 587b76c70c32a306d96485a428af8f24a03d3d1a Mon Sep 17 00:00:00 2001
From: Integralist
Date: Wed, 1 Nov 2023 11:00:45 +0000
Subject: [PATCH] feat(compute/build): display secrets warning with --debug-mode
---
 pkg/commands/compute/build.go | 10 ++++++++--
 pkg/global/global.go | 23 ++++++++++++++++-------
 2 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/pkg/commands/compute/build.go b/pkg/commands/compute/build.go
index 6e3c8a1ca..6b8c24b0e 100644
--- a/pkg/commands/compute/build.go
+++ b/pkg/commands/compute/build.go
@@ -247,7 +247,7 @@ func (c *BuildCommand) Exec(in io.Reader, out io.Writer) (err error) {
 */
 metadataDisable, _ := strconv.ParseBool(c.Globals.Env.WasmMetadataDisable)
 if c.MetadataEnable && !metadataDisable {
- if err := c.AnnotateWasmBinaryLong(wasmtools, metadataArgs, language); err != nil {
+ if err := c.AnnotateWasmBinaryLong(wasmtools, metadataArgs, language, out); err != nil {
 return err
 }
 } else {
@@ -352,7 +352,7 @@ func (c *BuildCommand) AnnotateWasmBinaryShort(wasmtools string, args []string)
 }
 // AnnotateWasmBinaryLong annotates the Wasm binary will all available data.
-func (c *BuildCommand) AnnotateWasmBinaryLong(wasmtools string, args []string, language *Language) error {
+func (c *BuildCommand) AnnotateWasmBinaryLong(wasmtools string, args []string, language *Language, out io.Writer) error {
 var ms runtime.MemStats
 runtime.ReadMemStats(&ms)
@@ -450,6 +450,9 @@ func (c *BuildCommand) AnnotateWasmBinaryLong(wasmtools string, args []string, l
 for _, f := range filters {
 k := strings.Split(v, "=")[0]
 if strings.HasPrefix(k, f) {
+ if c.Globals.Flags.Debug {
+ text.Warning(out, "We've identified and REDACTED the following secret from `env_vars` in your fastly.toml config: %s\n\n", v)
+ }
 dc.ScriptInfo.EnvVars[i] = k + "=REDACTED"
 }
 }
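Review bot: The doc comment above AnnotateWasmBinaryLong in the -352,7 hunk does not mention the new `out` parameter, which after this commit is where the debug-mode warnings about detected secrets are written. I would add a sentence such as `// When debug mode is enabled, a warning for each redacted value is written to out.` and correct "will all" to "with all" in the existing one. The method is exported, so the extra parameter changes its signature for any caller outside this file; only the call in Exec is visible here, and the function body continues outside the hunk.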
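Review bot: The warning added in the -450,6 hunk passes `v`, the whole `KEY=value` entry, so the secret that is about to be redacted from the binary metadata is written in clear text to `out` whenever debug mode is on. Debug output is routinely captured in CI logs and pasted into bug reports, so the value outlives the build; the key alone is enough for the user to find the entry, i.e. pass `k` instead of `v` as the format argument. The TruffleHog hunk at -466,6 has the same problem with `r.Secret`, where I would report `len(r.Secret)` and `r.Verified` rather than the value itself. Separately, the loop over `filters` shows no `break` after a match, so a key that matches more than one prefix would presumably print the warning more than once. The enclosing function starts and ends outside the hunk.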
@@ -466,6 +469,9 @@ func (c *BuildCommand) AnnotateWasmBinaryLong(wasmtools string, args []string, l
 // Use TruffleHog last to hopefully catch any secret 'values'.
 for _, r := range printer.Results {
+ if c.Globals.Flags.Debug {
+ text.Warning(out, "TruffleHog identified and REDACTED the following secret: %s (verified: %t)\n\n", r.Secret, r.Verified)
+ }
 data = bytes.ReplaceAll(data, []byte(r.Secret), []byte("REDACTED"))
 }
diff --git a/pkg/global/global.go b/pkg/global/global.go
index 35afd303b..3dfcfdd8a 100644
--- a/pkg/global/global.go
+++ b/pkg/global/global.go
@@ -122,13 +122,22 @@ func (d *Data) Endpoint() (string, lookup.Source) {
 // explicit flags. Consumers should bind their flag values to these fields
 // directly.
 type Flags struct {
+ // AcceptDefaults accepts defaults for all interactive prompts except Yes/No.
 AcceptDefaults bool
- AutoYes bool
- Debug bool
- Endpoint string
+ // AutoYes answers "yes" to all Yes/No interactive prompts.
+ AutoYes bool
+ // Debug enables debug mode and will print additional output.
+ Debug bool
+ // Endpoint is the Fastly API endpoint to use.
+ Endpoint string
+ // NonInteractive will avoid all interactive prompts.
 NonInteractive bool
- Profile string
- Quiet bool
- Token string
- Verbose bool
+ // Profile switches the account profile for a single command invocation.
+ Profile string
+ // Quiet stops all output except direct command output or interactive prompts.
+ Quiet bool
+ // Token to use for Fastly API requests.
+ Token string
+ // Verbose enables verbose mode and will additional output.
+ Verbose bool
 }
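Review bot: The new comment on `Debug` says only that it prints additional output, but with the build.go change in this same commit debug mode also prints the secret values found in `env_vars` and by TruffleHog. I would state that on the field, e.g. `// Debug enables debug mode and prints additional output, which may include secret values.`, so anyone binding or enabling the flag knows the output should not be shared or archived as-is. The `Verbose` comment is also missing a verb: `// Verbose enables verbose mode and will print additional output.` The struct's own doc comment begins outside the hunk.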