Add boolean string to completely mask source string

Irene Alvarado · Irene Alvarado · commit ba146ea248c5 · 2021-05-26T12:17:45.000-04:00
diff --git a/dist/index.js b/dist/index.js
@@ -233,7 +233,7 @@ const CommonConfigSchema = z.object({
 const HTTPConfigSchema = z
     .object({
     http_url: z.string(),
-    mask: z.string().optional()
+    mask: z.string().optional() // string array of secrets or boolean
 })
     .merge(CommonConfigSchema);
 const SQLConfigSchema = z
@@ -254,7 +254,7 @@ function getConfig() {
         'postprocess',
     ];
     keys.forEach(k => {
-        const v = core.getInput(k);
+        const v = core.getInput(k); // getInput always returns a string
         if (v) {
             raw[k] = v;
         }
@@ -451,19 +451,29 @@ async function run() {
     core.startGroup('Fetch data');
     let filename = '';
     let source;
-    let sourceStripped = '';
+    let shouldMask = false; // by default we don't mask the source
+    let sourceMasked = '';
     if (config_1.isHTTPConfig(config)) {
         filename = await http_1.default(config);
         source = config.http_url;
-        // if including a mask config then we strip out secrets from the http_url
-        sourceStripped = source;
+        // if including a mask config then we can strip out secrets from the http_url
+        sourceMasked = source; // if no secrets to mask then this is just source
         if (config.mask) {
-            core.info('Masking http url');
-            const maskArray = JSON.parse(config.mask);
-            maskArray.forEach((secretToMask) => {
-                const regex = new RegExp(secretToMask, "g");
-                sourceStripped = sourceStripped.replace(regex, "***");
-            });
+            if (config.mask === 'true' || config.mask === 'false') { // mask param is a string
+                shouldMask = JSON.parse(config.mask); // convert to boolean
+            }
+            else {
+                try {
+                    const maskArray = JSON.parse(config.mask);
+                    maskArray.forEach((secretToMask) => {
+                        const regex = new RegExp(secretToMask, "g");
+                        sourceMasked = sourceMasked.replace(regex, "***");
+                    });
+                }
+                catch (error) {
+                    core.setFailed('Mask param formatted incorrectly. It should be a string array OR a "true" or "false" string.');
+                }
+            }
         }
     }
     else if (config_1.isSQLConfig(config)) {
@@ -510,8 +520,8 @@ async function run() {
         core.debug(`git adding ${filename}…`);
         await exec_1.exec('git', ['add', filename]);
         const bytes = await git_1.diff(filename);
-        // core.setOutput('delta_bytes', bytes)
-        editedFiles.push({ name: filename, deltaBytes: bytes, source: sourceStripped });
+        const source = shouldMask ? {} : { source: sourceMasked };
+        editedFiles.push({ name: filename, deltaBytes: bytes, ...source });
     }
     core.endGroup();
     core.startGroup('Committing new data');
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/config.ts b/src/config.ts
@@ -13,7 +13,7 @@ export type CommonConfig = z.infer<typeof CommonConfigSchema>
 const HTTPConfigSchema = z
   .object({
     http_url: z.string(),
-    mask: z.string().optional()
+    mask: z.string().optional() // string array of secrets or boolean
   })
   .merge(CommonConfigSchema)
 export type HTTPConfig = z.infer<typeof HTTPConfigSchema>
@@ -40,7 +40,7 @@ export function getConfig(): Config {
     'postprocess',
   ]
   keys.forEach(k => {
-    const v = core.getInput(k)
+    const v = core.getInput(k) // getInput always returns a string
     if (v) {
       raw[k] = v
     }
diff --git a/src/main.ts b/src/main.ts
@@ -22,21 +22,28 @@ async function run(): Promise<void> {
   core.startGroup('Fetch data')
   let filename = ''
   let source
-  let sourceStripped = ''
+  let shouldMask = false // by default we don't mask the source
+  let sourceMasked = ''
   if (isHTTPConfig(config)) {
     filename = await fetchHTTP(config)
     source = config.http_url
 
-    // if including a mask config then we strip out secrets from the http_url
-    sourceStripped = source
+    // if including a mask config then we can strip out secrets from the http_url
+    sourceMasked = source // if no secrets to mask then this is just source
     if (config.mask) {
-      core.info('Masking http url')
-      
-      const maskArray: string[] = JSON.parse(config.mask)
-      maskArray.forEach((secretToMask: string) => {
-        const regex = new RegExp(secretToMask, "g")
-        sourceStripped = sourceStripped.replace(regex, "***")
-      })
+      if (config.mask === 'true' || config.mask === 'false') { // mask param is a string
+        shouldMask = JSON.parse(config.mask) // convert to boolean
+      } else {
+        try {
+          const maskArray: string[] = JSON.parse(config.mask)
+          maskArray.forEach((secretToMask: string) => {
+            const regex = new RegExp(secretToMask, "g")
+            sourceMasked = sourceMasked.replace(regex, "***")
+          })
+        } catch(error) {
+          core.setFailed('Mask param formatted incorrectly. It should be a string array OR a "true" or "false" string.')
+        }
+      }
     }
   } else if (isSQLConfig(config)) {
     filename = await fetchSQL(config)
@@ -93,8 +100,9 @@ async function run(): Promise<void> {
     core.debug(`git adding ${filename}…`)
     await exec('git', ['add', filename])
     const bytes = await diff(filename)
-    // core.setOutput('delta_bytes', bytes)
-    editedFiles.push({ name: filename, deltaBytes: bytes, source: sourceStripped })
+
+    const source = shouldMask ? {} : { source: sourceMasked }
+    editedFiles.push({ name: filename, deltaBytes: bytes, ...source })
   }
   core.endGroup()
 
