mobile-dev-inc/maestro

`inputText`: add a way to obscure sensitive text

Open

#1.226 aberto em 6 de jul. de 2023

Ver no GitHub
 (8 comments) (8 reactions) (0 assignees)Kotlin (306 forks)batch import
enhancementgood first issuemaestro cli

Métricas do repositório

Stars
 (6.111 stars)
Métricas de merge de PR
 (Mesclagem média 12d 2h) (39 fundiu PRs em 30d)

Description

Is your feature request related to a problem? Please describe.

Log outputs include all inputText. If a flow includes a login, the resulting maestro.log will expose that password.

Describe the solution you'd like

Perhaps there should be an API: inputSensitiveText: password

If this is the case, the value of the field should be omitted or censored (XXXXXXXXX) in logging.

For example if I have a sensitive text of value: Password1, I currently input it using this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=Password1), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: Password1

Perhaps we can update API and logging to look more like this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputSensitiveText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=XXXX), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: XXXX

Describe alternatives you've considered

For my usecase, I am using GitHub actions and archiving the resulting failure logs from maestro. As a workaround, I can run some find and replace for any sensitive text before outputting the archive file.

Guia do colaborador