Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow for redacting/hiding sensitive test in inputText command #1944

Open
wants to merge 8 commits into
base: main
Choose a base branch
from

Conversation

tokou
Copy link
Contributor

@tokou tokou commented Aug 24, 2024

Proposed changes

  • Add a redact boolean field to the inputText command
  • In the case it's set to true, replace the value of text to "[REDACTED]" in the following locations:
    • The console output when --format=NOOP
    • maestro.log
    • commands-(<flow>).json

I chose to use redact instead of mask and [REDACTED] instead of XXXX as it seemed clearer but feel free to ask if you want it changed back.

Testing

I added 3 test cases:

  • The JSON serialization of the InputTextCommand (No deserialization though)
  • The correct parsing of the Yaml redact field
  • The correct input of the non-redacted text value

I ran the following commands:

  • Run ./gradlew :maestro-test:test
  • Run ./gradlew :maestro-cli:test
  • Run ./gradlew :maestro-client:test
  • Run ./gradlew :maestro-orchestra:test
  • Run ./gradlew :maestro-orchestra-models:test

Manual tests

The tests below have been done manually. I tried seeing how to automate them, but ideally, this needs to be able to intercept the LOGGER calls in IntegrationTest.kt. Please advise if you want me to add tests for the cases below.

  • Build the cli and then run 012_input_text.yaml
    • Run ./gradlew maestro-cli:installDist
    • Run ./maestro-cli/build/install/maestro/bin/maestro test maestro-test/src/test/resources/012_input_text.yaml
    • Check for the absence of the value "secret password"
      • In the console output
      • In ~/.maestro/tests/<timestamp>/maestro.log
      • In ~/.maestro/tests/<timestamp>/commands-(012_input_text.yaml).json
    • Replace "secret password" with "💸" in 012_input_text.yaml
      • Run the flow 012_input_text.yaml on an Android device
      • Check for the absence of the value "💸" in the same locations (console output, maestro.log and commands-(012_input_text.yaml).json)

Here are sample files with the results:

commands-(012_input_text.yaml).json
maestro.log
output.txt

With "💸" replacing "secret password" on Android :

commands-(012_input_text.yaml).json
maestro.log
output.txt

Issues fixed

Fixes #1226

@bartekpacia bartekpacia changed the title Input text redacted value (#1226) Allow for redacting/hiding sensitive test in inputText command Aug 30, 2024
@bartekpacia bartekpacia added the needs backend approval This PR may interfere with Cloud, so needs to be reviewed by a backend engineer. label Sep 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs backend approval This PR may interfere with Cloud, so needs to be reviewed by a backend engineer.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

inputText: add a way to obscure sensitive text
2 participants