[cert] Hide sensitive information in match output (#21603)

* Do not print output of find-certificate * Added print parameter to backticks * Fixed styling of hash * Reverted changes to FastlaneSwiftRunner.xcodeproj --------- Co-authored-by: Duncan MacDonald <duncan.macdonald@august.com>
fastlane · Oct 28, 2023 · bf9b200 · bf9b200
1 parent fbad7d8
commit bf9b200
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/fastlane_core/lib/fastlane_core/cert_checker.rb b/fastlane_core/lib/fastlane_core/cert_checker.rb
@@ -116,7 +116,7 @@ def self.installed_wwdr_certificates
 
       # Find all installed WWDRCA certificates
       installed_certs = []
-      Helper.backticks("security find-certificate -a -c '#{certificate_name}' -p #{wwdr_keychain.shellescape}")
+      Helper.backticks("security find-certificate -a -c '#{certificate_name}' -p #{wwdr_keychain.shellescape}", print: false)
             .lines
             .each do |line|
         if line.start_with?('-----BEGIN CERTIFICATE-----')

diff --git a/fastlane_core/spec/cert_checker_spec.rb b/fastlane_core/spec/cert_checker_spec.rb
@@ -40,7 +40,7 @@ class ProcessStatusMock
       it "should return installed certificate's alias" do
         expect(FastlaneCore::CertChecker).to receive(:wwdr_keychain).and_return('login.keychain')
 
-        allow(FastlaneCore::Helper).to receive(:backticks).with(/security find-certificate/).and_return("-----BEGIN CERTIFICATE-----\nG6\n-----END CERTIFICATE-----\n")
+        allow(FastlaneCore::Helper).to receive(:backticks).with(/security find-certificate/, { print: false }).and_return("-----BEGIN CERTIFICATE-----\nG6\n-----END CERTIFICATE-----\n")
 
         allow(Digest::SHA256).to receive(:hexdigest).with(cert.to_der).and_return('bdd4ed6e74691f0c2bfd01be0296197af1379e0418e2d300efa9c3bef642ca30')
         allow(OpenSSL::X509::Certificate).to receive(:new).and_return(cert)
@@ -51,7 +51,7 @@ class ProcessStatusMock
       it "should return an empty array if unknown WWDR certificates are found" do
         expect(FastlaneCore::CertChecker).to receive(:wwdr_keychain).and_return('login.keychain')
 
-        allow(FastlaneCore::Helper).to receive(:backticks).with(/security find-certificate/).and_return("-----BEGIN CERTIFICATE-----\nG6\n-----END CERTIFICATE-----\n")
+        allow(FastlaneCore::Helper).to receive(:backticks).with(/security find-certificate/, { print: false }).and_return("-----BEGIN CERTIFICATE-----\nG6\n-----END CERTIFICATE-----\n")
 
         allow(OpenSSL::X509::Certificate).to receive(:new).and_return(cert)
 
@@ -103,7 +103,7 @@ class ProcessStatusMock
 
       it 'should shell escape keychain names when checking for installation' do
         expect(FastlaneCore::CertChecker).to receive(:wwdr_keychain).and_return(keychain_name)
-        expect(FastlaneCore::Helper).to receive(:backticks).with(name_regex).and_return("")
+        expect(FastlaneCore::Helper).to receive(:backticks).with(name_regex, { print: false }).and_return("")
 
         FastlaneCore::CertChecker.installed_wwdr_certificates
       end