Codeceptjs: REST helper leaks secrets

Created on 25 Feb 2020 · 3 Comments · Source: codeceptjs/CodeceptJS

What are you trying to achieve?

Test an API in GitHub Actions without leaking secrets ...

There should be some way to NOT log data sent in requests, or, if this already exists, it should be clearly documented.

What do you get instead?

API --
  1. /admin/migrate
I send post request "/admin/migrate", {"password":"SUPER_SECRET_SQUIRREL_PASSWORD"}

  const migrationResponse = await I.sendPostRequest("/admin/migrate", {
    password: process.env.ADMIN_PASSWORD
  });

Details

  • CodeceptJS version: 2.4.3
  • NodeJS Version: 12.14.1
  • Operating System: macOS Catalina
  • puppeteer
  • Configuration file:
require("dotenv").config();

console.log("CODECEPT CONF JS TEST_URL", process.env.TEST_URL);
const endpoint = `http://${process.env.TEST_URL}/api`;

exports.config = {
  tests: "./*_test.js",
  output: "./output",
  helpers: {
    Puppeteer: {
      show: false,
      chrome: {
        keepCookies: true,
        args: ["--no-sandbox", "--disable-setuid-sandbox"]
      }
    },
    REST: {
      endpoint,
      onRequest: request => {
        request.headers.auth = "123";
      }
    }
  },
  include: {
    I: "./steps_file.js"
  },
  bootstrap: null,
  mocha: {},
  name: "tests",
  plugins: {
    retryFailedStep: {
      enabled: true
    },
    screenshotOnFail: {
      enabled: true
    }
  },
  require: []
};

All 3 comments

@bionicles Did you try to wrap it in secret()?

password: secret(process.env.ADMIN_PASSWORD)

I didn't know that was possible! Will try now. Where is this function documented?

@bionicles for example here https://codecept.io/changelog/#_2-1-0
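
The wrapper idea behind the secret() suggestion in this thread, as an added example that is not part of the original thread and is not CodeceptJS's own code: a value object that renders as a mask wherever a step line is stringified for the log, and is unwrapped only when the request body is built. The names `Secret`, `forWire` and `formatStep` and the sample password are assumptions made for this example.

```javascript
// Added illustration; Secret, secret, forWire and formatStep are hypothetical names,
// not the CodeceptJS implementation.
class Secret {
  #value; // private field: not enumerable, not visible to util.inspect
  constructor(value) { this.#value = value; }
  reveal() { return this.#value; }
  toString() { return '*****'; }   // string concatenation and template literals
  toJSON() { return '*****'; }     // JSON.stringify of a payload that contains it
  [Symbol.for('nodejs.util.inspect.custom')]() { return '*****'; } // console.log(obj)
}
const secret = (value) => new Secret(value);

// Deep-copy a payload for the HTTP client, replacing wrappers with the real values.
// This is the only place the raw value leaves the wrapper.
function forWire(data) {
  if (data instanceof Secret) return data.reveal();
  if (Array.isArray(data)) return data.map(forWire);
  if (data && typeof data === 'object') {
    return Object.fromEntries(Object.entries(data).map(([k, v]) => [k, forWire(v)]));
  }
  return data;
}

// Build a reporter-style step line from the still-wrapped arguments.
function formatStep(name, ...args) {
  return `I ${name} ${args.map((a) => JSON.stringify(a)).join(', ')}`;
}

// Constructed sample value standing in for process.env.ADMIN_PASSWORD.
const ADMIN_PASSWORD = 'constructed-sample-password';
const payload = { password: secret(ADMIN_PASSWORD), dryRun: true };

const logLine = formatStep('send post request', '/admin/migrate', payload);
const body = JSON.stringify(forWire(payload));

console.log(logLine); // what ends up in the CI job log
```

To check a real CI setup, run the suite once with a canary value in place of the secret and search the job log for it.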
