
Commit 2399cc1

authored
Merge pull request #5953 from snyk/fix/scrublogger_basic
fix(logging): Redact Basic auth from debug logs if it exists
2 parents 1068a17 + ef6cd80 commit 2399cc1


6 files changed

+37
-10
lines changed


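--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -16,7 +16,7 @@ parameters:
 go_version:
 type: string
 # https://go.dev/doc/devel/release
-default: '1.23.8'
+default: '1.23.10'
 aws_version:
 type: string
 # https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst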

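--- a/.snyk
+++ b/.snyk
@@ -24,6 +24,11 @@ ignore:
 reason: None Given
 expires: 2025-05-01T10:37:59.602Z
 created: 2025-04-01T10:37:59.609Z
+SNYK-JS-TARFS-10293725:
+- '*':
+reason: None Given
+expires: 2025-07-03T12:38:39.920Z
+created: 2025-06-03T12:38:39.927Z
 patch: {}
 exclude:
 code: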
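Review bot: The added ignore for `SNYK-JS-TARFS-10293725` (new lines 27-31) carries `reason: None Given` and matches every dependency path through `'*'`, so the policy file records a suppressed finding with no justification that can be audited later. The commit title is about redacting Basic auth in debug logs and nothing visible on this page ties the suppression to that change, which makes it easy to miss in review. I would replace the reason with a real one, for example `reason: <placeholder: why this finding is not reachable here, plus tracking ticket>`; the one-month `expires` already bounds the exception and should stay. The `ignore:` block starts above the hunk.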

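--- a/binary-releases/RELEASE_NOTES.md
+++ b/binary-releases/RELEASE_NOTES.md
@@ -1,7 +1,10 @@
-## [1.1297.1](https://github.com/snyk/cli/compare/v1.1297.0...v1.1297.1) (2025-05-16)
+## [1.1297.2](https://github.com/snyk/snyk/compare/v1.1297.1...1.1297.2) (2025-06-16)
 
 The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see [this documentation](https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli)
 
 ### Bug Fixes
 
-* **test:** Rollbacked a regression introduced by a change in gradle module resolution in version `1.1297.0` ([7991133](https://github.com/snyk/cli/commit/79911337912082454e4362d9473c40699e059425))
+* **logging:** Improves the sanitization of credentials in local debug logs. ([e054455](https://github.com/snyk/snyk/commit/e054455eab8e686f19c165a8bad86259103a5f5d))
+* **language-server:** IDE Connectivity for Proxy Users: Fixes an issue where IDE plugins could fail to connect when operating behind an NTLM proxy.
+* **language-server:** Snyk Code Local Engine Fix: Addresses a regression that prevented the Snyk Code Local Engine (SCLE) from functioning correctly within the IDEs.
+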

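--- a/cliv2/go.mod
+++ b/cliv2/go.mod
@@ -1,6 +1,6 @@
 module github.com/snyk/cli/cliv2
 
-go 1.23.8
+go 1.23.10
 
 require (
 github.com/elazarl/goproxy v1.7.2
@@ -16,10 +16,10 @@ require (
 github.com/snyk/cli-extension-sbom v0.0.0-20250422133603-a5ae6fdf0934
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7
 github.com/snyk/error-catalog-golang-public v0.0.0-20250429130542-564b0605020e
-github.com/snyk/go-application-framework v0.0.0-20250505092137-65a591adf20f
+github.com/snyk/go-application-framework v0.0.0-20250612130357-31093e6eb8ad
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
 github.com/snyk/snyk-iac-capture v0.6.5
-github.com/snyk/snyk-ls v0.0.0-20250514053102-44a941375f2b
+github.com/snyk/snyk-ls v0.0.0-20250613113919-2b232b9d448d
 github.com/spf13/cobra v1.9.1
 github.com/spf13/pflag v1.0.6
 github.com/stretchr/testify v1.10.0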

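--- a/cliv2/go.sum
+++ b/cliv2/go.sum
@@ -808,16 +808,16 @@ github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7 h1:/2+2piwQtB9f
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
 github.com/snyk/error-catalog-golang-public v0.0.0-20250429130542-564b0605020e h1:XFGkHDWA8JTPLr82QzoKVqGytofEYBf68VqoUq8yvXk=
 github.com/snyk/error-catalog-golang-public v0.0.0-20250429130542-564b0605020e/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
-github.com/snyk/go-application-framework v0.0.0-20250505092137-65a591adf20f h1:L3B/8mDqRayNAiWf2cx2nhirQQI9x9yMfxDqpA+SwcE=
-github.com/snyk/go-application-framework v0.0.0-20250505092137-65a591adf20f/go.mod h1:Hy8dugDhTPRPe99Bf4mG7zeh7+OobdWfX5dzhbeQQsU=
+github.com/snyk/go-application-framework v0.0.0-20250612130357-31093e6eb8ad h1:RpUp1oayxILiWL6jGnXgAYiz7E44minwFEeDXJU3Xc0=
+github.com/snyk/go-application-framework v0.0.0-20250612130357-31093e6eb8ad/go.mod h1:Hy8dugDhTPRPe99Bf4mG7zeh7+OobdWfX5dzhbeQQsU=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
 github.com/snyk/policy-engine v0.33.2 h1:ZxD6/RQ4vqUAXa64V72SsGjZ8vmnBgZNGYQxMIqctYo=
 github.com/snyk/policy-engine v0.33.2/go.mod h1:YTZq3GMRbXcHOXQQrFRVEg+MQiIGCGZ1met6KlpruNo=
 github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E=
 github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk=
-github.com/snyk/snyk-ls v0.0.0-20250514053102-44a941375f2b h1:WI9bQsCRBPrkWbxNxpmVMv6qYK92l+98P1VYL+AndNM=
-github.com/snyk/snyk-ls v0.0.0-20250514053102-44a941375f2b/go.mod h1:xbvwtDAjQuol2GI45d6awmmRQ3TYcC3jdHFGn+2bTjQ=
+github.com/snyk/snyk-ls v0.0.0-20250613113919-2b232b9d448d h1:Qp5UjDfCzoVL28Z1CIZaja9QQGgHMcs8LUeR6Cr2q+8=
+github.com/snyk/snyk-ls v0.0.0-20250613113919-2b232b9d448d/go.mod h1:xbvwtDAjQuol2GI45d6awmmRQ3TYcC3jdHFGn+2bTjQ=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd h1:Dq5WSzWsP1TbVi10zPWBI5LKEBDg4Y1OhWEph1wr5WQ=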

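--- a/test/jest/acceptance/debuglog.spec.ts
+++ b/test/jest/acceptance/debuglog.spec.ts
@@ -46,6 +46,25 @@ describe('debug log', () => {
 expect(stderr).not.toContain(expectedToken);
 });
 
+it('redacts basic authentication', async () => {
+const { stderr } = await runSnykCLI(
+'container test ubuntu:latest --username=us --password=pw -d',
+{
+env: {
+...process.env,
+SNYK_DISABLE_ANALYTICS: '1',
+SNYK_LOG_LEVEL: 'trace',
+},
+},
+);
+
+// this test only makes sense when Basic auth would be expected, otherwise the checks below
+if (stderr.includes('Basic ')) {
+expect(stderr).not.toContain('Basic dXM6cHc=');
+expect(stderr).toContain('Basic ***');
+}
+});
+
 it('redacts externally injected bearer token', async () => {
 const project = await createProject('cocoapods-app');
 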
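Review bot: Both assertions on new lines 63-64 run only when `stderr.includes('Basic ')` is true, so the test passes without checking anything if the registry request is never made or the header is logged in another form, and a leaked credential would go unnoticed. The negative check is safe to run unconditionally and is stronger without the scheme prefix: move `expect(stderr).not.toContain('dXM6cHc=');` above the `if` and keep only `expect(stderr).toContain('Basic ***');` inside it. The comment on new line 61 also stops mid-sentence ("otherwise the checks below"); something like `// Basic auth is only logged when the registry is contacted; the positive check below is skipped otherwise` would finish it. The redaction code itself is not in this commit (presumably it arrives with the go-application-framework bump), so this test is the only guard visible here.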
