Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Allow for redacting/hiding sensitive test in inputText command #1944

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Allow for redacting/hiding sensitive test in inputText command #1944

wants to merge 8 commits into from

Conversation

tokou
Copy link
Contributor

@tokou tokou commented Aug 24, 2024
edited
Loading

Proposed changes

  • Add a redact boolean field to the inputText command
  • In the case it's set to true, replace the value of text to "[REDACTED]" in the following locations:
    • The console output when --format=NOOP
    • maestro.log
    • commands-(<flow>).json

I chose to use redact instead of mask and [REDACTED] instead of XXXX as it seemed clearer but feel free to ask if you want it changed back.

Testing

I added 3 test cases:

  • The JSON serialization of the InputTextCommand (No deserialization though)
  • The correct parsing of the Yaml redact field
  • The correct input of the non-redacted text value

I ran the following commands:

  • Run ./gradlew :maestro-test:test
  • Run ./gradlew :maestro-cli:test
  • Run ./gradlew :maestro-client:test
  • Run ./gradlew :maestro-orchestra:test
  • Run ./gradlew :maestro-orchestra-models:test

Manual tests

The tests below have been done manually. I tried seeing how to automate them, but ideally, this needs to be able to intercept the LOGGER calls in IntegrationTest.kt. Please advise if you want me to add tests for the cases below.

  • Build the cli and then run 012_input_text.yaml
    • Run ./gradlew maestro-cli:installDist
    • Run ./maestro-cli/build/install/maestro/bin/maestro test maestro-test/src/test/resources/012_input_text.yaml
    • Check for the absence of the value "secret password"
      • In the console output
      • In ~/.maestro/tests/<timestamp>/maestro.log
      • In ~/.maestro/tests/<timestamp>/commands-(012_input_text.yaml).json
    • Replace "secret password" with "💸" in 012_input_text.yaml
      • Run the flow 012_input_text.yaml on an Android device
      • Check for the absence of the value "💸" in the same locations (console output, maestro.log and commands-(012_input_text.yaml).json)

Here are sample files with the results:

commands-(012_input_text.yaml).json
maestro.log
output.txt

With "💸" replacing "secret password" on Android :

commands-(012_input_text.yaml).json
maestro.log
output.txt

Issues fixed

Fixes #1226

@bartekpacia bartekpacia changed the title Input text redacted value (#1226) Allow for redacting/hiding sensitive test in inputText command Aug 30, 2024
@bartekpacia bartekpacia added the needs backend approval This PR may interfere with Cloud, so needs to be reviewed by a backend engineer. label Sep 2, 2024
@Fishbowler Fishbowler mentioned this pull request Oct 15, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@igorsmotto igorsmotto Awaiting requested review from igorsmotto

Assignees
No one assigned
Labels
needs backend approval This PR may interfere with Cloud, so needs to be reviewed by a backend engineer.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

inputText: add a way to obscure sensitive text
2 participants
@tokou @bartekpacia