feat(logger): censor build author email for security compliance #667
Conversation
Codecov Report
@@            Coverage Diff             @@
##           master     #667      +/-   ##
==========================================
+ Coverage   55.07%   55.10%   +0.02%
==========================================
  Files         201      201
  Lines       15952    15960       +8
==========================================
+ Hits         8786     8794       +8
  Misses       6788     6788
  Partials      378      378
The lack of coverage in the report threw me off for a min.
When you do sanitizeBuild := b and modify a field, it will modify for both b and sanitizeBuild, since it's a pointer. You can get past it by dereferencing like sanitizeBuild := *b, but you will see the test fail then. Turns out you never get past the if m, ok := body.(map[string]interface{}); ok check and always just return the original body.
If we can fix up the tests, this is good to go, I think.
Good catch!
…ver into chore/secure-email-in-logger
Addresses security concern that build author emails, which can be changed within GitHub Enterprise to be a non-work email, were being logged. With this change, all HTTP logs with the build as the body will now censor the email field.
Abstracted this routine into a sanitize function, which can be used in case there are future concerns with logging practices.
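The two pitfalls raised in the review above (copying the pointer instead of the struct, so the caller's build loses its email too, and a type assertion on map[string]interface{} that a *Build body never satisfies) and the sanitize routine the description refers to, shown together as an added example. This is not the project's code: the Build struct, the sanitize name, the "[secured]" placeholder and the sample values are all assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Build is a hypothetical stand-in for the server's build type (assumption);
// only the fields the example needs are included.
type Build struct {
	Number int    `json:"number"`
	Author string `json:"author"`
	Email  string `json:"email"`
	Branch string `json:"branch"`
}

// redacted is the placeholder written into the log in place of the email (assumption).
const redacted = "[secured]"

// sanitize returns a copy of the HTTP log body with the build author's email
// censored. It never mutates its input: a *Build is dereferenced into a new
// struct before the field is changed, a Build value is already a copy, and a
// generic map body is shallow-copied. Any other body is returned untouched,
// so callers can pass every log body through it unconditionally.
func sanitize(body interface{}) interface{} {
	switch b := body.(type) {
	case *Build:
		if b == nil {
			return b
		}
		c := *b // copy the struct, not the pointer: the caller's build keeps its email
		c.Email = redacted
		return &c
	case Build:
		b.Email = redacted // b is a value, so this already operates on a copy
		return b
	case map[string]interface{}:
		c := make(map[string]interface{}, len(b))
		for k, v := range b {
			c[k] = v
		}
		if _, ok := c["email"]; ok {
			c["email"] = redacted
		}
		return c
	default:
		return body
	}
}

func main() {
	// Constructed sample build; the email is the field that must not reach the log.
	b := &Build{Number: 1, Author: "octocat", Email: "octocat@example.com", Branch: "main"}
	out, _ := json.Marshal(sanitize(b))
	fmt.Println("logged body:        ", string(out))
	fmt.Println("original still has: ", b.Email)
}
```

Keeping the copy inside sanitize (rather than at the call site) is what makes the unit test meaningful: the test can assert both that the returned body is censored and that the build it was handed is unchanged, which is exactly the pair of checks the review comment says the original tests were not exercising.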