test: use codeql compatible token / passwords (#11297)

renovatebot · Sep 9, 2021 · 11aa3ba · 11aa3ba
1 parent 43bda14
commit 11aa3ba
Show file tree

Hide file tree

Showing 45 changed files with 533 additions and 527 deletions.
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
@@ -0,0 +1,2 @@
+paths-ignore:
+  - /__fixtures__/**
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -23,6 +23,8 @@ jobs:
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@4854dd23d5f2aada3f026670784d5109e7702ea9 # renovate: tag=v1.0.14
+        with:
+          config-file: ./.github/codeql/codeql-config.yml
 
         # Override language selection by uncommenting this and choosing your languages
         # with:

diff --git a/lib/config/__snapshots__/secrets.spec.ts.snap b/lib/config/__snapshots__/secrets.spec.ts.snap
@@ -5,7 +5,7 @@ Object {
   "hostRules": Array [
     Object {
       "hostType": "npm",
-      "token": "abc123==",
+      "token": "123test==",
     },
   ],
 }
@@ -22,13 +22,13 @@ Object {
 exports[`config/secrets applySecretsToConfig(config) replaces secrets in a subobject 1`] = `
 Object {
   "npm": Object {
-    "npmToken": "abc123==",
+    "npmToken": "123test==",
   },
 }
 `;
 
 exports[`config/secrets applySecretsToConfig(config) replaces secrets in the top level 1`] = `
 Object {
-  "npmToken": "abc123==",
+  "npmToken": "123test==",
 }
 `;
diff --git a/lib/config/migration.spec.ts b/lib/config/migration.spec.ts
@@ -687,9 +687,9 @@ describe('config/migration', () => {
   it('it migrates hostRules fields', () => {
     const config: RenovateConfig = {
       hostRules: [
-        { baseUrl: 'https://some.domain.com', token: 'abc123' },
-        { domainName: 'domain.com', token: 'abc123' },
-        { hostName: 'some.domain.com', token: 'abc123' },
+        { baseUrl: 'https://some.domain.com', token: '123test' },
+        { domainName: 'domain.com', token: '123test' },
+        { hostName: 'some.domain.com', token: '123test' },
       ],
     } as any;
     const { isMigrated, migratedConfig } = configMigration.migrateConfig(
@@ -699,9 +699,9 @@ describe('config/migration', () => {
     expect(isMigrated).toBe(true);
     expect(migratedConfig).toEqual({
       hostRules: [
-        { matchHost: 'https://some.domain.com', token: 'abc123' },
-        { matchHost: 'domain.com', token: 'abc123' },
-        { matchHost: 'some.domain.com', token: 'abc123' },
+        { matchHost: 'https://some.domain.com', token: '123test' },
+        { matchHost: 'domain.com', token: '123test' },
+        { matchHost: 'some.domain.com', token: '123test' },
       ],
     });
   });

diff --git a/lib/config/secrets.spec.ts b/lib/config/secrets.spec.ts
@@ -48,7 +48,7 @@ describe('config/secrets', () => {
       const config = {
         prTitle: '{{ secrets.ARTIFACTORY_TOKEN }}',
         secrets: {
-          ARTIFACTORY_TOKEN: 'abc123==',
+          ARTIFACTORY_TOKEN: '123test==',
         },
       };
       expect(() => applySecretsToConfig(config)).toThrow(CONFIG_VALIDATION);
@@ -61,7 +61,7 @@ describe('config/secrets', () => {
     });
     it('replaces secrets in the top level', () => {
       const config = {
-        secrets: { ARTIFACTORY_TOKEN: 'abc123==' },
+        secrets: { ARTIFACTORY_TOKEN: '123test==' },
         npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}',
       };
       const res = applySecretsToConfig(config);
@@ -70,7 +70,7 @@ describe('config/secrets', () => {
     });
     it('replaces secrets in a subobject', () => {
       const config = {
-        secrets: { ARTIFACTORY_TOKEN: 'abc123==' },
+        secrets: { ARTIFACTORY_TOKEN: '123test==' },
         npm: { npmToken: '{{ secrets.ARTIFACTORY_TOKEN }}' },
       };
       const res = applySecretsToConfig(config);
@@ -79,7 +79,7 @@ describe('config/secrets', () => {
     });
     it('replaces secrets in a array of objects', () => {
       const config = {
-        secrets: { ARTIFACTORY_TOKEN: 'abc123==' },
+        secrets: { ARTIFACTORY_TOKEN: '123test==' },
         hostRules: [
           { hostType: 'npm', token: '{{ secrets.ARTIFACTORY_TOKEN }}' },
         ],

diff --git a/lib/datasource/clojure/index.spec.ts b/lib/datasource/clojure/index.spec.ts
@@ -83,7 +83,7 @@ describe('datasource/clojure/index', () => {
     hostRules.add({
       hostType: ClojureDatasource.id,
       matchHost: 'custom.registry.renovatebot.com',
-      token: 'abc123',
+      token: '123test',
     });
     jest.resetAllMocks();
   });

diff --git a/lib/datasource/docker/index.spec.ts b/lib/datasource/docker/index.spec.ts
@@ -243,7 +243,7 @@ describe('datasource/docker/index', () => {
         .reply(200, '', { 'docker-content-digest': 'some-digest' });
 
       mockEcrAuthResolve({
-        authorizationData: [{ authorizationToken: 'abcdef' }],
+        authorizationData: [{ authorizationToken: 'test_token' }],
       });
 
       await getDigest(
@@ -276,7 +276,7 @@ describe('datasource/docker/index', () => {
         .reply(200, '', { 'docker-content-digest': 'some-digest' });
 
       mockEcrAuthResolve({
-        authorizationData: [{ authorizationToken: 'abc' }],
+        authorizationData: [{ authorizationToken: 'test' }],
       });
 
       const res = await getDigest(
@@ -353,7 +353,7 @@ describe('datasource/docker/index', () => {
         .get(
           '/token?service=registry.docker.io&scope=repository:library/some-other-dep:pull'
         )
-        .reply(200, { access_token: 'some-token' });
+        .reply(200, { access_token: 'test' });
       const res = await getDigest(
         { datasource: 'docker', depName: 'some-other-dep' },
         '8.0.0-alpine'
@@ -528,7 +528,7 @@ describe('datasource/docker/index', () => {
         .get(
           '/token?service=registry.docker.io&scope=repository:library/node:pull'
         )
-        .reply(200, { token: 'some-token ' });
+        .reply(200, { token: 'test' });
       const res = await getPkgReleases({
         datasource: id,
         depName: 'node',
@@ -556,7 +556,7 @@ describe('datasource/docker/index', () => {
         .get(
           '/token?service=registry.docker.io&scope=repository:library/node:pull'
         )
-        .reply(200, { token: 'some-token ' });
+        .reply(200, { token: 'test' });
       const res = await getPkgReleases({
         datasource: id,
         depName: 'docker.io/node',

diff --git a/lib/datasource/hex/__snapshots__/index.spec.ts.snap b/lib/datasource/hex/__snapshots__/index.spec.ts.snap
@@ -127,7 +127,7 @@ Array [
     "headers": Object {
       "accept": "application/json",
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "valid_token",
+      "authorization": "abc",
       "host": "hex.pm",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -322,7 +322,7 @@ Array [
     "headers": Object {
       "accept": "application/json",
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "this_simple_token",
+      "authorization": "abc",
       "host": "hex.pm",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },

diff --git a/lib/datasource/hex/index.spec.ts b/lib/datasource/hex/index.spec.ts
@@ -89,15 +89,15 @@ describe('datasource/hex/index', () => {
       httpMock
         .scope(baseUrl, {
           reqheaders: {
-            authorization: 'this_simple_token',
+            authorization: 'abc',
           },
         })
         .get('/packages/certifi')
         .reply(401);
 
       hostRules.find.mockReturnValueOnce({
         authType: 'Token-Only',
-        token: 'this_simple_token',
+        token: 'abc',
       });
 
       const res = await getPkgReleases({
@@ -143,15 +143,15 @@ describe('datasource/hex/index', () => {
       httpMock
         .scope(baseUrl, {
           reqheaders: {
-            authorization: 'valid_token',
+            authorization: 'abc',
           },
         })
         .get('/repos/renovate_test/packages/private_package')
         .reply(200, privatePackageResponse);
 
       hostRules.find.mockReturnValueOnce({
         authType: 'Token-Only',
-        token: 'valid_token',
+        token: 'abc',
       });
 
       const result = await getPkgReleases({

diff --git a/lib/datasource/maven/__snapshots__/index.spec.ts.snap b/lib/datasource/maven/__snapshots__/index.spec.ts.snap
@@ -59,7 +59,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -69,7 +69,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -79,7 +79,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -934,7 +934,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -944,7 +944,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -954,7 +954,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -964,7 +964,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -974,7 +974,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -984,7 +984,7 @@ Array [
   Object {
     "headers": Object {
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abc123",
+      "authorization": "Bearer 123test",
       "host": "custom.registry.renovatebot.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },

diff --git a/lib/datasource/maven/index.spec.ts b/lib/datasource/maven/index.spec.ts
@@ -79,7 +79,7 @@ describe('datasource/maven/index', () => {
     hostRules.add({
       hostType: datasource,
       matchHost: 'custom.registry.renovatebot.com',
-      token: 'abc123',
+      token: '123test',
     });
     jest.resetAllMocks();
   });

diff --git a/lib/datasource/npm/__snapshots__/get.spec.ts.snap b/lib/datasource/npm/__snapshots__/get.spec.ts.snap
@@ -475,7 +475,7 @@ Array [
     "headers": Object {
       "accept": "application/json",
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Basic XXX",
+      "authorization": "Basic abc",
       "host": "registry.npmjs.org",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },

diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap
@@ -586,7 +586,7 @@ Array [
     "headers": Object {
       "accept": "application/json",
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abcde",
+      "authorization": "Bearer abc",
       "host": "npm.mycustomregistry.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },
@@ -625,7 +625,7 @@ Array [
     "headers": Object {
       "accept": "application/json",
       "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer abcde",
+      "authorization": "Bearer abc",
       "host": "npm.mycustomregistry.com",
       "user-agent": "RenovateBot/0.0.0-semantic-release (https://github.com/renovatebot/renovate)",
     },

diff --git a/lib/datasource/npm/get.spec.ts b/lib/datasource/npm/get.spec.ts
@@ -152,14 +152,14 @@ describe('datasource/npm/get', () => {
     const npmrc = ``;
     hostRules.add({
       matchHost: 'https://registry.npmjs.org',
-      token: 'XXX',
+      token: 'abc',
       authType: 'Basic',
     });
 
     httpMock
       .scope('https://registry.npmjs.org', {
         reqheaders: {
-          authorization: 'Basic XXX',
+          authorization: 'Basic abc',
         },
       })
       .get('/renovate')

diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts
@@ -270,11 +270,11 @@ describe('datasource/npm/index', () => {
     hostRules.add({
       hostType: 'npm',
       matchHost: 'npm.mycustomregistry.com',
-      token: 'abcde',
+      token: 'abc',
     });
     httpMock
       .scope('https://npm.mycustomregistry.com', {
-        reqheaders: { authorization: 'Bearer abcde' },
+        reqheaders: { authorization: 'Bearer abc' },
       })
       .get('/foobar')
       .reply(200, npmResponse);
@@ -289,13 +289,13 @@ describe('datasource/npm/index', () => {
       hostType: 'npm',
       matchHost:
         'https://npm.mycustomregistry.com/_packaging/mycustomregistry/npm/registry/',
-      token: 'abcde',
+      token: 'abc',
     });
     httpMock
       .scope(
         'https://npm.mycustomregistry.com/_packaging/mycustomregistry/npm/registry',
         {
-          reqheaders: { authorization: 'Bearer abcde' },
+          reqheaders: { authorization: 'Bearer abc' },
         }
       )
       .get('/foobar')

diff --git a/lib/datasource/pypi/index.spec.ts b/lib/datasource/pypi/index.spec.ts
@@ -81,7 +81,7 @@ describe('datasource/pypi/index', () => {
     });
 
     it('sets private if authorization privided', async () => {
-      hostRules.add({ matchHost: 'customprivate.pypi.net', token: 'abc123' });
+      hostRules.add({ matchHost: 'customprivate.pypi.net', token: '123test' });
       httpMock
         .scope('https://customprivate.pypi.net/foo')
         .get('/azure-cli-monitor/json')
@@ -258,7 +258,7 @@ describe('datasource/pypi/index', () => {
     it('sets private simple if authorization provided', async () => {
       hostRules.add({
         matchHost: 'some.private.registry.org',
-        token: 'abc123',
+        token: '123test',
       });
       httpMock
         .scope('https://some.private.registry.org/+simple/')

diff --git a/lib/logger/__snapshots__/err-serializer.spec.ts.snap b/lib/logger/__snapshots__/err-serializer.spec.ts.snap
@@ -7,7 +7,7 @@ Object {
   "message": "some message",
   "options": Object {
     "headers": Object {
-      "authorization": "Bearer abc",
+      "authorization": "Bearer testtoken",
     },
   },
   "response": Object {