fix: redact output of credential tools

g-linville · g-linville · commit 50e1d161aea8 · 2024-06-13T22:46:23.000-04:00
Signed-off-by: Grant Linville &lt;grant@acorn.io&gt;
diff --git a/pkg/runner/monitor.go b/pkg/runner/monitor.go
@@ -28,3 +28,22 @@ func (n noopMonitor) Stop(string, error) {}
 func (n noopMonitor) Pause() func() {
 	return func() {}
 }
+
+type credWrapper struct {
+	m Monitor
+}
+
+func (n credWrapper) Event(e Event) {
+	if e.Type == EventTypeCallFinish {
+		e.Content = "credential tool output redacted"
+	}
+	n.m.Event(e)
+}
+
+func (n credWrapper) Stop(s string, err error) {
+	n.m.Stop(s, err)
+}
+
+func (n credWrapper) Pause() func() {
+	return n.m.Pause()
+}
diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
@@ -858,7 +858,7 @@ func (r *Runner) handleCredentials(callCtx engine.Context, monitor Monitor, env
 				return nil, fmt.Errorf("failed to create subcall context for tool %s: %w", credToolName, err)
 			}
 
-			res, err := r.call(subCtx, monitor, env, input)
+			res, err := r.call(subCtx, credWrapper{monitor}, env, input)
 			if err != nil {
 				return nil, fmt.Errorf("failed to run credential tool %s: %w", credToolName, err)
 			}

Original file line number	Diff line number	Diff line change
`@@ -858,7 +858,7 @@ func (r *Runner) handleCredentials(callCtx engine.Context, monitor Monitor, env`
`858`	`858`	`return nil, fmt.Errorf("failed to create subcall context for tool %s: %w", credToolName, err)`
`859`	`859`	`}`
`860`	`860`
`861`		`- res, err := r.call(subCtx, monitor, env, input)`
	`861`	`+ res, err := r.call(subCtx, credWrapper{monitor}, env, input)`
`862`	`862`	`if err != nil {`
`863`	`863`	`return nil, fmt.Errorf("failed to run credential tool %s: %w", credToolName, err)`
`864`	`864`	`}`