feat(runner+browserstack): Mask sensitive data for Reporters (and more) #13938
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dprevost-LMI
changed the title
onBeforeComand & onAfterCommandonBeforeComand & onAfterCommand
1 task
eslint-plugin-wdio
@wdio/allure-reporter
@wdio/appium-service
@wdio/browser-runner
@wdio/browserstack-service
@wdio/cli
@wdio/concise-reporter
@wdio/config
@wdio/cucumber-framework
@wdio/dot-reporter
@wdio/firefox-profile-service
@wdio/globals
@wdio/jasmine-framework
@wdio/json-reporter
@wdio/junit-reporter
@wdio/lighthouse-service
@wdio/local-runner
@wdio/logger
@wdio/mocha-framework
@wdio/protocols
@wdio/repl
@wdio/reporter
@wdio/runner
@wdio/sauce-service
@wdio/shared-store-service
@wdio/smoke-test-cjs-service
@wdio/smoke-test-reporter
@wdio/smoke-test-service
@wdio/spec-reporter
@wdio/static-server-service
@wdio/sumologic-reporter
@wdio/testingbot-service
@wdio/types
@wdio/utils
@wdio/webdriver-mock-service
webdriver
webdriverio
commit: |
dprevost-LMI
changed the title
onBeforeComand & onAfterCommandonBeforeComand & onAfterCommand
dprevost-LMI
changed the title
onBeforeComand & onAfterCommand
dprevost-LMI
changed the title
dprevost-LMI
changed the title
dprevost-LMI
force-pushed
the
masked-sensible-information
branch
from
f1c6a2e to
13570dc
Compare
dprevost-LMI
force-pushed
the
masked-sensible-information
branch
2 times, most recently
from
7a712fc to
b6a4f6c
Compare
dprevost-LMI
changed the title
1 task
|
Just to note here: we are working with different logs:
It would be awesome if the solution:
I am open to how the mask option look like as long as it is intuitive. Maybe there is an NPM package that detects secrets and can give us an indication whether we should mask it. Otherwise aligning with what Appium does makes total sense to me. I don't think we can do anything about what the Vendor displays in their UI. Hope this makes sense. Please let me know. |
|
Let's settle this in the issue! #13937 (comment) |
dprevost-LMI
force-pushed
the
masked-sensible-information
branch
from
33f944e to
71c8369
Compare
dprevost-LMI
force-pushed
the
masked-sensible-information
branch
from
71c8369 to
f7489c7
Compare
dprevost-LMI
force-pushed
the
masked-sensible-information
branch
2 times, most recently
from
1fdd837 to
b9e3b25
Compare
dprevost-LMI
force-pushed
the
masked-sensible-information
branch
from
7cf4895 to
3a088a9
Compare
dprevost-LMI
commented
May 10, 2025
dprevost-LMI
commented
May 10, 2025
dprevost-LMI
commented
May 10, 2025
dprevost-LMI
commented
May 10, 2025
dprevost-LMI
commented
May 10, 2025
dprevost-LMI
commented
May 10, 2025
Co-authored-by: Christian Bromann <[email protected]>
Co-authored-by: Christian Bromann <[email protected]>
dprevost-LMI
force-pushed
the
masked-sensible-information
branch
2 times, most recently
from
480dd57 to
90647ae
Compare
There was a problem hiding this comment.
Should we add some documentation for the new property somewhere here? I think it would help folks to discover this feature much better. I think we can just copy the docs from the logger readme file.
|
In addition to your request (done in 0708a6d), I had considered that a new "Security" section on the wdio website would be helpful.
/**
* Set the logger level of the webdriver logger to 'error' before running a promise which is useful to hide sensitive information in the logs.
*/
export const withSilentLogger = async <T>(promise: () => Promise<T>): Promise<T> => {
const webdriverLogLevel = driver.options.logLevel ?? 'error';
try {
logger.setLevel('webdriver', 'silent');
return await promise();
} finally {
logger.setLevel('webdriver', webdriverLogLevel);
}
};
What do you think? |
Great idea! Let's do this. |
dprevost-LMI
commented
May 29, 2025
dprevost-LMI
commented
May 29, 2025
dprevost-LMI
commented
May 29, 2025
dprevost-LMI
commented
May 29, 2025
…n' into masked-sensible-information
|
Hey dprevost-LMI 👋 Thank you for your contribution to WebdriverIO! Your pull request has been marked as an "Expensable" contribution. We've sent you an email with further instructions on how to claim your expenses from our development fund. We are looking forward to more contributions from you in the future 🙌 Have a nice day, |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed changes
To provide easier security, here is a PR which has two main goals:
On the
element.setValue, add a new boolean mask option allowing to mask from everyone besides appium the value set in an input element. This allows with the simple{mask : true}to hide the password, for example, of a real production user from wdio logs, any reporters, the performance tool and anyone listening on anyemit. The cherry on top is the participation of appium's folks, where even in Appium's logs (see PR), this value continues to be masked with the simple boolean options. 🎉setValueandaddValuecommands are supported. Not the getValue, for example.A regex expression can now be configured in the wdio logs to hide more sensitive information. For example, when using BrowserStack, the user's key is in plain text. Now we can pass a simple regex pattern like
maskingPattern: '--key=([^ ]*)', which will mask this value in the logs.See the issue for the history of the discussion that led to the PR decisions.
Example for case 1:
Logs:
Allure-reporter
Example for case 2:
Types of changes
Polish (an improvement for an existing feature)Bugfix (non-breaking change which fixes an issue)Breaking change (fix or feature that would cause existing functionality to not work as expected)Specification changes (updates to WebDriver command specifications)Internal updates (everything related to internal scripts, governance documentation and CI files)Checklist
Backport Request
v9and doesn't need to be back-portedBack-ported PR at#XXXXXFurther comments
Reviewers: @webdriverio/project-committers
Related to issue #13937
Appium-related issue