From e7d501937f4696a43769c6f9322381baf0a7ff44 Mon Sep 17 00:00:00 2001
From: Easton Crupper <65553218+ecrupper@users.noreply.github.com>
Date: Wed, 8 Nov 2023 10:38:39 -0500
Subject: [PATCH] fix(log): add brackets to secret mask (#333)

Co-authored-by: dave vader <48764154+plyr4@users.noreply.github.com>
---
 library/log.go      | 2 +-
 library/log_test.go | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/library/log.go b/library/log.go
index cd7d39f9..9c2ce146 100644
--- a/library/log.go
+++ b/library/log.go
@@ -54,7 +54,7 @@ func (l *Log) MaskData(secrets []string) {
 		// create regexp to match secrets in the log data surrounded by regexp metacharacters
 		//
 		// https://pkg.go.dev/regexp#MustCompile
-		buffer := `(\s|^|=|"|\?|:|'|\.|,|&|$|;)`
+		buffer := `(\s|^|=|"|\?|:|'|\.|,|&|$|;|\[|\])`
 		re := regexp.MustCompile((buffer + escaped + buffer))
 
 		// create a mask for the secret
diff --git a/library/log_test.go b/library/log_test.go
index c3f796c8..5ea64669 100644
--- a/library/log_test.go
+++ b/library/log_test.go
@@ -54,6 +54,8 @@ func TestLibrary_Log_MaskData(t *testing.T) {
 	s4Masked := "SOME_SECRET=***"
 	s5 := "www.example.com?username=secret&password=extrasecret"
 	s5Masked := "www.example.com?username=***&password=***"
+	s6 := "[token: extrasecret]"
+	s6Masked := "[token: ***]"
 
 	tests := []struct {
 		want    []byte
@@ -85,6 +87,11 @@ func TestLibrary_Log_MaskData(t *testing.T) {
 			log:     []byte(s5),
 			secrets: sVals,
 		},
+		{ // secret in verbose brackets
+			want:    []byte(s6Masked),
+			log:     []byte(s6),
+			secrets: sVals,
+		},
 		{ // empty secrets slice
 			want:    []byte(s3),
 			log:     []byte(s3),