fix(step): add catch block for disallowed secrets (#272)

* add catch block for unallowed secrets * adding test case
go-vela · Feb 15, 2022 · 2379755 · 2379755
1 parent aa87a48
commit 2379755
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/executor/linux/step.go b/executor/linux/step.go
@@ -464,15 +464,15 @@ func getSecretValues(ctn *pipeline.Container) []string {
 	secretValues := []string{}
 	// gather secrets' values from the environment map for masking
 	for _, secret := range ctn.Secrets {
-		s := ctn.Environment[strings.ToUpper(secret.Target)]
+		// capture secret from environment
+		s, ok := ctn.Environment[strings.ToUpper(secret.Target)]
+		if !ok {
+			continue
+		}
 		// handle multi line secrets from files
 		s = strings.ReplaceAll(s, "\n", " ")
 
-		// drop any trailing spaces
-		if strings.HasSuffix(s, " ") {
-			s = s[:(len(s) - 1)]
-		}
-		secretValues = append(secretValues, s)
+		secretValues = append(secretValues, strings.TrimSuffix(s, " "))
 	}
 	return secretValues
 }
diff --git a/executor/linux/step_test.go b/executor/linux/step_test.go
@@ -570,6 +570,10 @@ func TestLinux_getSecretValues(t *testing.T) {
 						Source: "someOtherSource",
 						Target: "secret_password",
 					},
+					{
+						Source: "disallowedSecret",
+						Target: "cannot_find",
+					},
 				},
 			},
 		},