Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix: escape uri encoded symbols (#1697)
  • Loading branch information
dekhanov committed Nov 19, 2020
1 parent c8d38b6 commit f8f8fbc
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/hide-sensitive.js
Expand Up @@ -12,7 +12,7 @@ module.exports = (env) => {
});

const regexp = new RegExp(
toReplace.map((envVar) => `${escapeRegExp(env[envVar])}|${encodeURI(escapeRegExp(env[envVar]))}`).join('|'),
toReplace.map((envVar) => `${escapeRegExp(env[envVar])}|${escapeRegExp(encodeURI(env[envVar]))}`).join('|'),
'g'
);
return (output) =>
Expand Down
8 changes: 8 additions & 0 deletions test/hide-sensitive.test.js
Expand Up @@ -40,6 +40,14 @@ test('Escape regexp special characters', (t) => {
);
});

test('Escape regexp special characters in url-encoded environment variable', (t) => {
const env = {SOME_PASSWORD: 'secret password p$^{.+}\\w[a-z]o.*rd)('};
t.is(
hideSensitive(env)(`https://user:${encodeURI(env.SOME_PASSWORD)}@host.com`),
`https://user:${SECRET_REPLACEMENT}@host.com`
);
});

test('Accept "undefined" input', (t) => {
t.is(hideSensitive({})(), undefined);
});
Expand Down

0 comments on commit f8f8fbc

Please sign in to comment.