Skip to content

Commit 0e6ebc8

Browse files
PeterSchaferPeterSchafer
committed
fix(logging): Redact Basic auth from debug logs if it exists
1 parent 1068a17 commit 0e6ebc8

File tree

5 files changed

+30
-5
lines changed

5 files changed

+30
-5
lines changed

.snyk

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,11 @@ ignore:
2424
reason: None Given
2525
expires: 2025-05-01T10:37:59.602Z
2626
created: 2025-04-01T10:37:59.609Z
27+
SNYK-JS-TARFS-10293725:
28+
- '*':
29+
reason: None Given
30+
expires: 2025-07-03T12:38:39.920Z
31+
created: 2025-06-03T12:38:39.927Z
2732
patch: {}
2833
exclude:
2934
code:

binary-releases/RELEASE_NOTES.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
## [1.1297.1](https://github.com/snyk/cli/compare/v1.1297.0...v1.1297.1) (2025-05-16)
1+
## [1.1297.2](https://github.com/snyk/snyk/compare/v1.1297.1...1.1297.2) (2025-06-16)
22

33
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see [this documentation](https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli)
44

55
### Bug Fixes
66

7-
* **test:** Rollbacked a regression introduced by a change in gradle module resolution in version `1.1297.0` ([7991133](https://github.com/snyk/cli/commit/79911337912082454e4362d9473c40699e059425))
7+
* **logging:** Redact Basic Authorization credentials from debug logs if they exist ([e054455](https://github.com/snyk/snyk/commit/e054455eab8e686f19c165a8bad86259103a5f5d))
8+

cliv2/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ require (
1616
github.com/snyk/cli-extension-sbom v0.0.0-20250422133603-a5ae6fdf0934
1717
github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7
1818
github.com/snyk/error-catalog-golang-public v0.0.0-20250429130542-564b0605020e
19-
github.com/snyk/go-application-framework v0.0.0-20250505092137-65a591adf20f
19+
github.com/snyk/go-application-framework v0.0.0-20250612130357-31093e6eb8ad
2020
github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
2121
github.com/snyk/snyk-iac-capture v0.6.5
2222
github.com/snyk/snyk-ls v0.0.0-20250514053102-44a941375f2b

cliv2/go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -808,8 +808,8 @@ github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7 h1:/2+2piwQtB9f
808808
github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
809809
github.com/snyk/error-catalog-golang-public v0.0.0-20250429130542-564b0605020e h1:XFGkHDWA8JTPLr82QzoKVqGytofEYBf68VqoUq8yvXk=
810810
github.com/snyk/error-catalog-golang-public v0.0.0-20250429130542-564b0605020e/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
811-
github.com/snyk/go-application-framework v0.0.0-20250505092137-65a591adf20f h1:L3B/8mDqRayNAiWf2cx2nhirQQI9x9yMfxDqpA+SwcE=
812-
github.com/snyk/go-application-framework v0.0.0-20250505092137-65a591adf20f/go.mod h1:Hy8dugDhTPRPe99Bf4mG7zeh7+OobdWfX5dzhbeQQsU=
811+
github.com/snyk/go-application-framework v0.0.0-20250612130357-31093e6eb8ad h1:RpUp1oayxILiWL6jGnXgAYiz7E44minwFEeDXJU3Xc0=
812+
github.com/snyk/go-application-framework v0.0.0-20250612130357-31093e6eb8ad/go.mod h1:Hy8dugDhTPRPe99Bf4mG7zeh7+OobdWfX5dzhbeQQsU=
813813
github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
814814
github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
815815
github.com/snyk/policy-engine v0.33.2 h1:ZxD6/RQ4vqUAXa64V72SsGjZ8vmnBgZNGYQxMIqctYo=

test/jest/acceptance/debuglog.spec.ts

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,25 @@ describe('debug log', () => {
4646
expect(stderr).not.toContain(expectedToken);
4747
});
4848

49+
it('redacts basic authentication', async () => {
50+
const { stderr } = await runSnykCLI(
51+
'container test ubuntu:latest --username=us --password=pw -d',
52+
{
53+
env: {
54+
...process.env,
55+
SNYK_DISABLE_ANALYTICS: '1',
56+
SNYK_LOG_LEVEL: 'trace',
57+
},
58+
},
59+
);
60+
61+
// this test only makes sense when Basic auth would be expected, otherwise the checks below
62+
if (stderr.includes('Basic ')) {
63+
expect(stderr).not.toContain('Basic dXM6cHc=');
64+
expect(stderr).toContain('Basic ***');
65+
}
66+
});
67+
4968
it('redacts externally injected bearer token', async () => {
5069
const project = await createProject('cocoapods-app');
5170

0 commit comments

Comments
 (0)