From aaeccde89521147c0f20253c35100ca7a3487fdb Mon Sep 17 00:00:00 2001
From: "m.huber" <m.huber@kithara.com>
Date: Tue, 31 Oct 2023 19:06:44 +0100
Subject: [PATCH] do not sanitzie secrets with 3 or less chars

---
 pipeline/shared/replace_secrets.go      |  2 +-
 pipeline/shared/replace_secrets_test.go | 18 +++++++++++++-----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/pipeline/shared/replace_secrets.go b/pipeline/shared/replace_secrets.go
index 6e57f817fd..668874b9a6 100644
--- a/pipeline/shared/replace_secrets.go
+++ b/pipeline/shared/replace_secrets.go
@@ -20,7 +20,7 @@ func NewSecretsReplacer(secrets []string) *strings.Replacer {
 	var oldnew []string
 	for _, old := range secrets {
 		old = strings.TrimSpace(old)
-		if len(old) == 0 {
+		if len(old) <= 3 {
 			continue
 		}
 		// since replacer is executed on each line we have to split multi-line-secrets
diff --git a/pipeline/shared/replace_secrets_test.go b/pipeline/shared/replace_secrets_test.go
index ca8c2412de..8ed9941708 100644
--- a/pipeline/shared/replace_secrets_test.go
+++ b/pipeline/shared/replace_secrets_test.go
@@ -22,34 +22,42 @@ import (
 
 func TestNewSecretsReplacer(t *testing.T) {
 	tc := []struct {
+		name    string
 		log     string
 		secrets []string
 		expect  string
 	}{{
+		name:    "dont replace secrets with less than 3 chars",
 		log:     "start log\ndone",
-		secrets: []string{""},
+		secrets: []string{"", "d", "art"},
 		expect:  "start log\ndone",
 	}, {
+		name:    "single line passwords",
 		log:     `this IS secret: password`,
 		secrets: []string{"password", " IS "},
-		expect:  `this ******** secret: ********`,
+		expect:  `this IS secret: ********`,
 	}, {
+		name:    "secret with one newline",
 		log:     "start log\ndone\nnow\nan\nmulti line secret!! ;)",
 		secrets: []string{"an\nmulti line secret!!"},
 		expect:  "start log\ndone\nnow\n********\n******** ;)",
 	}, {
+		name:    "secret with multible lines with no match",
 		log:     "start log\ndone\nnow\nan\nmulti line secret!! ;)",
 		secrets: []string{"Test\nwith\n\ntwo new lines"},
 		expect:  "start log\ndone\nnow\nan\nmulti line secret!! ;)",
 	}, {
+		name:    "secret with multible lines with match",
 		log:     "start log\ndone\nnow\nan\nmulti line secret!! ;)\nwith\ntwo\n\nnewlines",
 		secrets: []string{"an\nmulti line secret!!", "two\n\nnewlines"},
 		expect:  "start log\ndone\nnow\n********\n******** ;)\nwith\n********\n\n********",
 	}}
 
 	for _, c := range tc {
-		rep := NewSecretsReplacer(c.secrets)
-		result := rep.Replace(c.log)
-		assert.EqualValues(t, c.expect, result)
+		t.Run(c.name, func(t *testing.T) {
+			rep := NewSecretsReplacer(c.secrets)
+			result := rep.Replace(c.log)
+			assert.EqualValues(t, c.expect, result)
+		})
 	}
 }