Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inputText: add a way to obscure sensitive text #1226

Open
HenSquared opened this issue Jul 6, 2023 · 6 comments · May be fixed by #1944
Open

inputText: add a way to obscure sensitive text #1226

HenSquared opened this issue Jul 6, 2023 · 6 comments · May be fixed by #1944
Labels
enhancement New feature request or improvement of an existing feature good first issue Good for newcomers wanting to contribute maestro cli Related to the command-line Maestro tool

Comments

@HenSquared
Copy link

HenSquared commented Jul 6, 2023
edited by bartekpacia
Loading

Is your feature request related to a problem? Please describe.

Log outputs include all inputText. If a flow includes a login, the resulting maestro.log will expose that password.

Describe the solution you'd like

Perhaps there should be an API: inputSensitiveText: password

If this is the case, the value of the field should be omitted or censored (XXXXXXXXX) in logging.

For example if I have a sensitive text of value: Password1, I currently input it using this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=Password1), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: Password1

Perhaps we can update API and logging to look more like this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputSensitiveText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=XXXX), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: XXXX

Describe alternatives you've considered

For my usecase, I am using GitHub actions and archiving the resulting failure logs from maestro. As a workaround, I can run some find and replace for any sensitive text before outputting the archive file.
@HenSquared HenSquared added the enhancement New feature request or improvement of an existing feature label Jul 6, 2023
@Fishbowler Fishbowler mentioned this issue Jul 28, 2023
Merged
@Fishbowler
Copy link
Contributor

Labelling implemented in #1292 will offer (when released) a workaround that allows you to specify a label in your yaml that should replace the text at the beginning of the first of these log lines (but it won't affect the second 😞)

@amanjeetsingh150 amanjeetsingh150 mentioned this issue Sep 22, 2023
Merged
@Fishbowler
Copy link
Contributor

I think this can be closed as solved by #1481?

@TheAlmightyBob
Copy link

@Fishbowler Can you give an example of how that PR would address this? Your own previous comment said

should replace the text at the beginning of the first of these log lines (but it won't affect the second 😞)

implying that you didn't think the PR would fully resolve this.

@Fishbowler
Copy link
Contributor

Ah, yep, you're 100% correct. This is only half fixed.

@bartekpacia bartekpacia added maestro cli Related to the command-line Maestro tool good first issue Good for newcomers wanting to contribute labels Jul 13, 2024
@bartekpacia bartekpacia changed the title [Feature Request] Censor sensitive text inputText: add a way to obscure sensitive text Jul 13, 2024
@bartekpacia
Copy link
Contributor

Perhaps instead of adding a new inputSensitiveText command, we could add a new boolean argument to inputText?

- inputText:
    text: Hello World
    mask: true

@tokou tokou linked a pull request Aug 24, 2024 that will close this issue
Open
Fishbowler added a commit to Fishbowler/maestro that referenced this issue Oct 12, 2024
@Fishbowler
Add sensitive field to inputText to remove sensitive data from output…
054bca1 
… and logs

fixes mobile-dev-inc#1226
@Fishbowler
Copy link
Contributor

How would we expect this to interact with the debug JSON outputter?
Preserve the string in this instance?

@Fishbowler Fishbowler mentioned this issue Oct 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature request or improvement of an existing feature good first issue Good for newcomers wanting to contribute maestro cli Related to the command-line Maestro tool
Projects
None yet
Milestone
No milestone
4 participants
@Fishbowler @TheAlmightyBob @bartekpacia @HenSquared