[WorkItem(126)] // Exclude secrets from log data: http://jira.sonarsource.com/browse/SONARMSBRU-126
public void ProcRunner_DoNotLogSensitiveData()
{
var testDir = TestUtils.CreateTestSpecificFolderWithSubPaths(TestContext);
var logger = new TestLogger();
var runner = new ProcessRunner(logger);
// Public args - should appear in the log
var publicArgs = new string[]
{
"public1",
"public2",
"/d:sonar.projectKey=my.key"
};
var sensitiveArgs = new string[] {
// Public args - should appear in the log
"public1", "public2", "/dmy.key=value",
// Sensitive args - should not appear in the log
"/d:sonar.password=secret data password",
"/d:sonar.login=secret data login",
"/d:sonar.jdbc.password=secret data db password",
"/d:sonar.jdbc.username=secret data db user name",
// Sensitive args - different cases -> exclude to be on the safe side
"/d:SONAR.jdbc.password=secret data db password upper",
"/d:sonar.PASSWORD=secret data password upper",
// Sensitive args - parameter format is slightly incorrect -> exclude to be on the safe side
"/dsonar.login =secret data key typo",
"sonar.password=secret data password typo"
};
var allArgs = sensitiveArgs.Union(publicArgs).ToArray();
var runnerArgs = new ProcessRunnerArguments(LogArgsPath(), false)
{
CmdLineArgs = allArgs, WorkingDirectory = testDir
};
var success = runner.Execute(runnerArgs);
success.Should().BeTrue("Expecting the process to have succeeded");
runner.ExitCode.Should().Be(0, "Unexpected exit code");
// Check public arguments are logged but private ones are not
foreach (var arg in publicArgs)
{
logger.AssertSingleDebugMessageExists(arg);
}
logger.AssertSingleDebugMessageExists("<sensitive data removed>");
AssertTextDoesNotAppearInLog("secret", logger);
// Check that the public and private arguments are passed to the child process
AssertExpectedLogContents(testDir, allArgs);
}
public void ProcRunner_PassesEnvVariables_OverrideExisting()
{
// Tests that existing environment variables will be overwritten successfully
// Arrange
var logger = new TestLogger();
var runner = new ProcessRunner(logger);
try
{
// It's possible the user won't be have permissions to set machine level variables
// (e.g. when running on a build agent). Carry on with testing the other variables.
SafeSetEnvironmentVariable("proc.runner.test.machine", "existing machine value", EnvironmentVariableTarget.Machine, logger);
Environment.SetEnvironmentVariable("proc.runner.test.process", "existing process value", EnvironmentVariableTarget.Process);
Environment.SetEnvironmentVariable("proc.runner.test.user", "existing user value", EnvironmentVariableTarget.User);
var exeName = TestUtils.WriteBatchFileForTest(TestContext,
@"@echo file: %proc.runner.test.machine%
@echo file: %proc.runner.test.process%
@echo file: %proc.runner.test.user%
");
var envVariables = new Dictionary <string, string>()
{
{ "proc.runner.test.machine", "machine override" },
{ "proc.runner.test.process", "process override" },
{ "proc.runner.test.user", "user override" }
};
var args = new ProcessRunnerArguments(exeName, true)
{
EnvironmentVariables = envVariables
};
// Act
var success = runner.Execute(args);
// Assert
Assert.IsTrue(success, "Expecting the process to have succeeded");
Assert.AreEqual(0, runner.ExitCode, "Unexpected exit code");
}
finally
{
SafeSetEnvironmentVariable("proc.runner.test.machine", null, EnvironmentVariableTarget.Machine, logger);
Environment.SetEnvironmentVariable("proc.runner.test.process", null, EnvironmentVariableTarget.Process);
Environment.SetEnvironmentVariable("proc.runner.test.user", null, EnvironmentVariableTarget.User);
}
// Check the child process used expected values
logger.AssertMessageLogged("file: machine override");
logger.AssertMessageLogged("file: process override");
logger.AssertMessageLogged("file: user override");
// Check the runner reported it was overwriting existing variables
// Note: the existing non-process values won't be visible to the child process
// unless they were set *before* the test host launched, which won't be the case.
logger.AssertSingleDebugMessageExists("proc.runner.test.process", "existing process value", "process override");
}
public void FileGen_VSBootstrapperIsDisabled_OverrideUserSettings_SameValue()
{
// Arrange
TestLogger logger = new TestLogger();
Property bootstrapperProperty = new Property()
{
Id = PropertiesFileGenerator.VSBootstrapperPropertyKey, Value = "false"
};
// Act
ProjectInfoAnalysisResult result = ExecuteAndCheckSucceeds("disableBootstrapperSame", logger, bootstrapperProperty);
// Assert
SQPropertiesFileReader provider = new SQPropertiesFileReader(result.FullPropertiesFilePath);
provider.AssertSettingExists(PropertiesFileGenerator.VSBootstrapperPropertyKey, "false");
logger.AssertSingleDebugMessageExists(PropertiesFileGenerator.VSBootstrapperPropertyKey);
logger.AssertWarningsLogged(0); // not expecting a warning if the user has supplied the value we want
}
private void CheckInvalidUrlFails(string url)
{
// Arrange
TestLogger logger = new TestLogger();
BuildAgentUpdater updater = new BuildAgentUpdater();
string downloadDir = this.TestContext.DeploymentDirectory;
string nonExistentUrl = url;
string expectedUrl = nonExistentUrl + BootstrapperSettings.IntegrationUrlSuffix;
string expectedDownloadPath = Path.Combine(downloadDir, BootstrapperSettings.SonarQubeIntegrationFilename);
// Act
bool success = updater.TryUpdate(nonExistentUrl, downloadDir, logger);
// Assert
Assert.IsFalse(success, "Not expecting the update to succeed");
logger.AssertSingleDebugMessageExists(expectedUrl, expectedDownloadPath);
logger.AssertSingleErrorExists(nonExistentUrl);
logger.AssertErrorsLogged(1);
}
[WorkItem(126)] // Exclude secrets from log data: http://jira.sonarsource.com/browse/SONARMSBRU-126
public void ProcRunner_DoNotLogSensitiveData()
{
// Arrange
var testDir = TestUtils.CreateTestSpecificFolder(TestContext);
// Create a dummy exe that will produce a log file showing any input args
var exeName = DummyExeHelper.CreateDummyPostProcessor(testDir, 0);
var logger = new TestLogger();
// Public args - should appear in the log
var publicArgs = new string[]
{
"public1",
"public2",
"/d:sonar.projectKey=my.key"
};
var sensitiveArgs = new string[] {
// Public args - should appear in the log
"public1", "public2", "/dmy.key=value",
// Sensitive args - should not appear in the log
"/d:sonar.password=secret data password",
"/d:sonar.login=secret data login",
"/d:sonar.jdbc.password=secret data db password",
"/d:sonar.jdbc.username=secret data db user name",
// Sensitive args - different cases -> exclude to be on the safe side
"/d:SONAR.jdbc.password=secret data db password upper",
"/d:sonar.PASSWORD=secret data password upper",
// Sensitive args - parameter format is slightly incorrect -> exclude to be on the safe side
"/dsonar.login =secret data key typo",
"sonar.password=secret data password typo"
};
var allArgs = sensitiveArgs.Union(publicArgs).ToArray();
var runnerArgs = new ProcessRunnerArguments(exeName, false)
{
CmdLineArgs = allArgs
};
var runner = new ProcessRunner(logger);
// Act
var success = runner.Execute(runnerArgs);
// Assert
Assert.IsTrue(success, "Expecting the process to have succeeded");
Assert.AreEqual(0, runner.ExitCode, "Unexpected exit code");
// Check public arguments are logged but private ones are not
foreach (var arg in publicArgs)
{
logger.AssertSingleDebugMessageExists(arg);
}
logger.AssertSingleDebugMessageExists("<sensitive data removed>");
AssertTextDoesNotAppearInLog("secret", logger);
// Check that the public and private arguments are passed to the child process
var exeLogFile = DummyExeHelper.AssertDummyPostProcLogExists(testDir, TestContext);
DummyExeHelper.AssertExpectedLogContents(exeLogFile, allArgs);
}
private static void AssertRetryAttempted(TestLogger logger)
{
// We'll assume retry has been attempted if there is a message containing
// both of the timeout values
logger.AssertSingleDebugMessageExists(TaskUtilities.MaxConfigRetryPeriodInMilliseconds.ToString(), TaskUtilities.DelayBetweenRetriesInMilliseconds.ToString());
}
[WorkItem(126)] // Exclude secrets from log data: http://jira.sonarsource.com/browse/SONARMSBRU-126
public void ProcRunner_DoNotLogSensitiveData()
{
// Arrange
var testDir = CreateTestSpecificFolder(TestContext);
// Create a dummy exe that will produce a log file showing any input args
var exeName = DummyExeHelper.CreateDummyExe(testDir, 0);
var logger = new TestLogger();
// Public args - should appear in the log
var publicArgs = new string[]
{
"public1",
"public2",
"/d:sonar.projectKey=my.key"
};
var sensitiveArgs = new string[] {
// Public args - should appear in the log
"public1", "public2", "/dmy.key=value",
// Sensitive args - should not appear in the log
"/d:sonar.password=secret data password",
"/d:sonar.login=secret data login",
"/d:sonar.jdbc.password=secret data db password",
"/d:sonar.jdbc.username=secret data db user name",
// Sensitive args - different cases -> exclude to be on the safe side
"/d:SONAR.jdbc.password=secret data db password upper",
"/d:sonar.PASSWORD=secret data password upper",
// Sensitive args - parameter format is slightly incorrect -> exclude to be on the safe side
"/dsonar.login =secret data key typo",
"sonar.password=secret data password typo"
};
var allArgs = sensitiveArgs.Union(publicArgs).ToArray();
var runnerArgs = new ProcessRunnerArguments(exeName, false)
{
CmdLineArgs = allArgs,
// Specify the arguments we consider to be sensitive.
// Note: this is a change from the S4MSB which has a hard-coded set of sensitive keys.
SensitivePropertyKeys = new string[]
{
"sonar.password", "sonar.login", "sonar.jdbc.password", "sonar.jdbc.username"
}
};
var runner = CreateProcessRunner(logger);
// Act
runner.Execute(runnerArgs);
// Assert
runner.ExitCode.Should().Be(0, "Unexpected exit code");
// Check public arguments are logged but private ones are not
foreach (var arg in publicArgs)
{
logger.AssertSingleDebugMessageExists(arg);
}
logger.AssertSingleDebugMessageExists("<sensitive data removed>");
AssertTextDoesNotAppearInLog("secret", logger);
// Check that the public and private arguments are passed to the child process
var exeLogFile = DummyExeHelper.AssertDummyExeLogExists(testDir, TestContext);
DummyExeHelper.AssertExpectedLogContents(exeLogFile, allArgs);
}
