feat: add sensitive env var clearing and e2e tests for session launcher #2701
Coverage report for

| St. | Category | Percentage | Covered / Total |
|---|---|---|---|
| 🔴 | Statements | 5.41% (+0.12% 🔼) | 348/6432 |
| 🔴 | Branches | 4.87% (+0.09% 🔼) | 218/4479 |
| 🔴 | Functions | 3.16% (+0.18% 🔼) | 67/2120 |
| 🔴 | Lines | 5.3% (+0.11% 🔼) | 333/6283 |

Test suite run success
93 tests passing in 12 suites.
Report generated by 🧪jest coverage report action from 22fcd5d
Found a typo in the test module file name (`session-luancher.test.ts` -> `session-launcher.test.ts`). Other than that, it works fine.
LGTM.
…er (#2701)

### TL;DR

Added functionality to empty sensitive environment variables and updated form value synchronization.

### What changed?

- Introduced `sensitivePatterns` array with regular expressions to identify sensitive environment variables.
- Added `isSensitiveEnv` function to check if an environment variable is sensitive.
- Implemented `emptySensitiveEnv` function to clear values of sensitive environment variables.
- Updated `VFolderTableFormValues` interface to include `autoMountedFolderNames`.
- Modified form value synchronization in `SessionLauncherPage` to omit specific fields and empty sensitive environment variables.
- Unit test and E2E test for this change.

### How to test?

1. Navigate to the Session Launcher page.
2. Add environment variables with sensitive names (e.g., PASSWORD, SECRET_KEY).
3. Verify that sensitive environment variables are properly identified and their values are cleared when reloading browser.
4. Check if the URL updates correctly without including sensitive information.

![image.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/XqC2uNFuj0wg8I60sMUh/bf5fc885-53d1-405b-80ca-0ed009218c8e.png)

### Why make this change?

This change enhances security by preventing sensitive information from being exposed in URLs or unintended locations. It also improves the handling of environment variables, ensuring that sensitive data is properly managed throughout the application.
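The approach described above, as an added TypeScript example that is not the project's code: the function names follow the PR description, while the pattern list, the `EnvVar` and `LauncherForm` shapes, `toQueryString` and the sample values are assumptions. The last sample entry shows the limit of name-based matching, where a credential stored under a non-matching name is not cleared.

```typescript
// Added example, not code from this PR. Function names follow the PR description;
// everything else (patterns, types, sample data) is assumed for illustration.
interface EnvVar { variable: string; value: string }
interface LauncherForm { sessionName: string; envvars: EnvVar[] }

// Assumed patterns: the PR's real `sensitivePatterns` list is not shown on this page.
const sensitivePatterns: RegExp[] = [
  /PASSWORD/i, /SECRET/i, /TOKEN/i, /API[_-]?KEY/i, /PRIVATE[_-]?KEY/i, /CREDENTIAL/i,
];

// No `g` flag on the patterns, so test() carries no lastIndex state between calls.
function isSensitiveEnv(name: string): boolean {
  return sensitivePatterns.some((p) => p.test(name));
}

// Returns a copy: the variable name is kept so the form row survives a reload,
// and only the value is blanked. The caller's array is not mutated.
function emptySensitiveEnv(envs: EnvVar[]): EnvVar[] {
  return envs.map((e) => (isSensitiveEnv(e.variable) ? { ...e, value: '' } : e));
}

// Hypothetical stand-in for syncing form values into the URL query string.
function toQueryString(form: LauncherForm): string {
  const safe = { ...form, envvars: emptySensitiveEnv(form.envvars) };
  return 'formValues=' + encodeURIComponent(JSON.stringify(safe));
}

// Constructed sample input.
const sampleForm: LauncherForm = {
  sessionName: 'demo',
  envvars: [
    { variable: 'PASSWORD', value: 'constructed-pw-123' },
    { variable: 'secret_key', value: 'constructed-key-456' },
    { variable: 'OMP_NUM_THREADS', value: '4' },
    // Name-based matching only: a credential under a non-matching name passes through.
    { variable: 'DB_URL', value: 'postgres://user:constructed-pw-789@db/app' },
  ],
};

console.log(toQueryString(sampleForm));
```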