mobile-dev-inc/maestro

`inputText`: add a way to obscure sensitive text

Open

#1,226 建立於 2023年7月6日

在 GitHub 查看
 (8 留言) (8 反應) (0 負責人)Kotlin (306 fork)batch import
enhancementgood first issuemaestro cli

倉庫指標

Star
 (6,111 star)
PR 合併指標
 (平均合併 12天 2小時) (30 天內合併 39 個 PR)

描述

Is your feature request related to a problem? Please describe.

Log outputs include all inputText. If a flow includes a login, the resulting maestro.log will expose that password.

Describe the solution you'd like

Perhaps there should be an API: inputSensitiveText: password

If this is the case, the value of the field should be omitted or censored (XXXXXXXXX) in logging.

For example if I have a sensitive text of value: Password1, I currently input it using this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=Password1), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: Password1

Perhaps we can update API and logging to look more like this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputSensitiveText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=XXXX), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: XXXX

Describe alternatives you've considered

For my usecase, I am using GitHub actions and archiving the resulting failure logs from maestro. As a workaround, I can run some find and replace for any sensitive text before outputting the archive file.

貢獻者指南