[test] vitest can leak secrets in pipeline output #29630
Comments
/cc @jeremymeng
I wonder whether we should remove the
I feel like there are definitely production use cases where customers would want to see the content of the request in an error case. Sometimes there may be secrets in the response as well, which is an even more useful property. Maybe it would be possible to sub in a different mock implementation of
I am a little concerned because error objects most likely get logged all the time.
Yeah I agree that is a concern. I guess there are a few different ways people could log the error:
When a test fails with an error, vitest outputs a JSON serialization of the error object to console. This is helpful when debugging, but can cause information that would have otherwise been sanitized to be output in pipeline runs, like in this example where an access token showed up (MS internal link): https://dev.azure.com/azure-sdk/internal/_build/results?buildId=3768430&view=logs&j=8f098e13-557e-5a76-9331-06424800e0fa&t=5005ede9-2880-5bbf-ce42-ae979164a4d1&l=105. Is it possible to suppress this output or sanitize it somehow in the pipeline?

Cc @mpodwysocki
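An added illustration, not part of the issue and not code from the SDK or from vitest: serializing an error that carries its request exposes credentials, and making a redacting copy before anything is logged avoids that. The property names, the key pattern and all sample values are constructed assumptions.

```javascript
// Added example. Key names, the sample error and its values are constructed.
const REDACTED = "REDACTED";
const SENSITIVE_KEY =
  /^(authorization|proxy-authorization|cookie|set-cookie|x-api-key|sig)$|token|secret|password/i;

// Mask sensitive query parameters; leave anything that is not an http(s) URL alone.
function redactUrl(text) {
  if (!/^https?:\/\//i.test(text)) return text;
  try {
    const url = new URL(text);
    for (const name of [...url.searchParams.keys()]) {
      if (SENSITIVE_KEY.test(name)) url.searchParams.set(name, REDACTED);
    }
    return url.toString();
  } catch {
    return text;
  }
}

// Build a JSON-safe copy of `value` with sensitive fields masked.
// `ancestors` holds the current path, so cycles are cut but shared objects are kept.
function redactForLog(value, ancestors = new Set()) {
  if (typeof value === "string") return redactUrl(value);
  if (value === null || typeof value !== "object") return value;
  if (ancestors.has(value)) return "[Circular]";
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((item) => redactForLog(item, ancestors));
  } else {
    // name and message are not enumerable on Error, so copy them explicitly.
    out = value instanceof Error ? { name: value.name, message: value.message } : {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY.test(key) && v != null ? REDACTED : redactForLog(v, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Constructed stand-in for an HTTP client error that carries its request.
function makeSampleError() {
  const err = new Error("Request failed with status 401");
  err.statusCode = 401;
  err.request = {
    url: "https://example.invalid/container/blob?sv=2024&sig=CONSTRUCTED-SIG",
    headers: { authorization: "Bearer CONSTRUCTED-TOKEN", accept: "application/json" },
  };
  err.response = { status: 401, request: err.request };
  return err;
}
```

`JSON.stringify(makeSampleError())` contains the bearer token, while `JSON.stringify(redactForLog(makeSampleError()))` keeps the status, method-level context and non-sensitive headers but masks the `authorization` header and the `sig` query parameter.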