Google Git
Sign in
bazel / bazel / 75f746b0dc829e096445b0c8670f0546788bbe5a / . / src / test / java / com / google / devtools / build / lib / runtime / SafeRequestLoggingTest.java
blob: d9334ebd6f060854f1d4b6a2581fc07b7d5f7ee0 [file] [log] [blame]
michajlo4e11dc12020-09-11 06:16:01 -0700[diff] [blame]1// Copyright 2020 The Bazel Authors. All rights reserved.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package com.google.devtools.build.lib.runtime;
16
17import static com.google.common.truth.Truth.assertThat;
18
19import com.google.common.collect.ImmutableList;
20import java.util.List;
21import org.junit.Test;
22import org.junit.runner.RunWith;
23import org.junit.runners.JUnit4;
24
25/** Tests for {@link SafeRequestLogging}. */
26@RunWith(JUnit4.class)
27public class SafeRequestLoggingTest {
28
29 @Test
30 public void testGetRequestLogStringPassesThroughNonSensitiveClientEnv() {
31 assertThat(
32 SafeRequestLogging.getRequestLogString(
33 ImmutableList.of("--client_env=A=B", "--client_env=C=D")))
34 .isEqualTo("[--client_env=A=B, --client_env=C=D]");
35 }
36
37 @Test
38 public void testGetRequestLogStringToleratesNonsensicalClientEnv() {
39 // Client env is key=value pairs, no '=' is silly, but shouldn't break anything.
40 assertThat(SafeRequestLogging.getRequestLogString(ImmutableList.of("--client_env=BROKEN")))
41 .isEqualTo("[--client_env=BROKEN]");
42 }
43
44 @Test
45 public void testGetRequestLogStringStripsApparentAuthValues() {
46 assertThat(
47 SafeRequestLogging.getRequestLogString(
48 ImmutableList.of("--client_env=auth=notprinted", "--client_env=other=isprinted")))
49 .isEqualTo("[--client_env=auth=__private_value_removed__, --client_env=other=isprinted]");
50 }
51
52 @Test
53 public void testGetRequestLogStringStripsApparentCookieValues() {
54 assertThat(
55 SafeRequestLogging.getRequestLogString(
56 ImmutableList.of(
57 "--client_env=MY_COOKIE=notprinted", "--client_env=other=isprinted")))
58 .isEqualTo(
59 "[--client_env=MY_COOKIE=__private_value_removed__, --client_env=other=isprinted]");
60 }
61
62 @Test
63 public void testGetRequestLogStringStripsApparentPasswordValues() {
64 assertThat(
65 SafeRequestLogging.getRequestLogString(
66 ImmutableList.of(
67 "--client_env=dont_paSS_ME=notprinted", "--client_env=other=isprinted")))
68 .isEqualTo(
69 "[--client_env=dont_paSS_ME=__private_value_removed__, --client_env=other=isprinted]");
70 }
71
72 @Test
73 public void testGetRequestLogIgnoresSensitiveTermsInValues() {
74 assertThat(SafeRequestLogging.getRequestLogString(ImmutableList.of("--client_env=ok=COOKIE")))
75 .isEqualTo("[--client_env=ok=COOKIE]");
76 }
77
78 @Test
79 public void testGetRequestLogForStandardCommandLine() {
80 List<String> complexCommandLine = ImmutableList.of(
81 "blaze",
82 "build",
83 "--client_env=FOO=BAR",
84 "--client_env=FOOPASS=mypassword",
85 "--package_path=./MY_PASSWORD/foo",
86 "--client_env=SOMEAuThCode=something");
87 assertThat(SafeRequestLogging.getRequestLogString(complexCommandLine))
88 .isEqualTo(
89 "[blaze, build, --client_env=FOO=BAR, --client_env=FOOPASS=__private_value_removed__, "
90 + "--package_path=./MY_PASSWORD/foo, "
91 + "--client_env=SOMEAuThCode=__private_value_removed__]");
92 }
93}