`inputText`: add a way to obscure sensitive text
#1,226 opened on Jul 6, 2023
Description
Is your feature request related to a problem? Please describe.
Log outputs include all inputText. If a flow includes a login, the resulting maestro.log will expose that password.
Describe the solution you'd like
Perhaps there should be an API: inputSensitiveText: password
If this is the case, the value of the field should be omitted or censored (XXXXXXXXX) in logging.
For example if I have a sensitive text of value: Password1, I currently input it using this:
maestro test login.yml --env=PASSWORD=Password1
test.yaml
...
inputText: ${PASSWORD}
...
and logging outputs this as:
[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=Password1), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: Password1
Perhaps we can update API and logging to look more like this:
maestro test login.yml --env=PASSWORD=Password1
test.yaml
...
inputSensitiveText: ${PASSWORD}
...
and logging outputs this as:
[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=XXXX), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: XXXX
Describe alternatives you've considered
For my usecase, I am using GitHub actions and archiving the resulting failure logs from maestro. As a workaround, I can run some find and replace for any sensitive text before outputting the archive file.