inputText: add a way to obscure sensitive text

[HenSquared]

Is your feature request related to a problem? Please describe.

Log outputs include all inputText. If a flow includes a login, the resulting maestro.log will expose that password.

Describe the solution you'd like

Perhaps there should be an API: inputSensitiveText: password

If this is the case, the value of the field should be omitted or censored (XXXXXXXXX) in logging.

For example if I have a sensitive text of value: Password1, I currently input it using this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=Password1), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: Password1

Perhaps we can update API and logging to look more like this:

maestro test login.yml --env=PASSWORD=Password1

test.yaml

...
inputSensitiveText: ${PASSWORD}
...

and logging outputs this as:

[INFO ] m.cli.runner.MaestroCommandRunner - Input text ${PASSWORD} metadata CommandMetadata(numberOfRuns=null, evaluatedCommand=MaestroCommand(tapOnElement=null, tapOnPoint=null, tapOnPointV2Command=null, scrollCommand=null, swipeCommand=null, backPressCommand=null, assertCommand=null, assertConditionCommand=null, inputTextCommand=InputTextCommand(text=XXXX), inputRandomTextCommand=null, launchAppCommand=null, applyConfigurationCommand=null, openLinkCommand=null, pressKeyCommand=null, eraseTextCommand=null, hideKeyboardCommand=null, takeScreenshotCommand=null, stopAppCommand=null, clearStateCommand=null, clearKeychainCommand=null, runFlowCommand=null, setLocationCommand=null, repeatCommand=null, copyTextCommand=null, pasteTextCommand=null, defineVariablesCommand=null, runScriptCommand=null, waitForAnimationToEndCommand=null, evalScriptCommand=null, mockNetworkCommand=null, scrollUntilVisible=null, travelCommand=null, assertOutgoingRequestsCommand=null, startRecordingCommand=null, stopRecordingCommand=null), logMessages=[])
[INFO ] maestro.Maestro - Inputting text: XXXX

Describe alternatives you've considered

For my usecase, I am using GitHub actions and archiving the resulting failure logs from maestro. As a workaround, I can run some find and replace for any sensitive text before outputting the archive file.

[Fishbowler]

Labelling implemented in #1292 will offer (when released) a workaround that allows you to specify a label in your yaml that should replace the text at the beginning of the first of these log lines (but it won't affect the second 😞)

[Fishbowler]

I think this can be closed as solved by #1481?

[TheAlmightyBob]

@Fishbowler Can you give an example of how that PR would address this? Your own previous comment said

should replace the text at the beginning of the first of these log lines (but it won't affect the second 😞)

implying that you didn't think the PR would fully resolve this.

[Fishbowler]

Ah, yep, you're 100% correct. This is only half fixed.

[bartekpacia]

Perhaps instead of adding a new inputSensitiveText command, we could add a new boolean argument to inputText?

- inputText:
    text: Hello World
    mask: true

[Fishbowler]

How would we expect this to interact with the debug JSON outputter?
Preserve the string in this instance?