Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Fixed

- `--json` blocked-command results now redact password, token, secret, and API
key style arguments in both the `command` field and `error` text, matching the
audit trail redaction behavior.
- Remote command tokens after the command start or `--` separator are preserved,
so flags such as `-v`, `--help`, and `--force` are passed to the remote
command instead of being consumed as local `sshx` flags.
Expand Down
37 changes: 37 additions & 0 deletions internal/app/agentmode_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,43 @@ func TestRun_BlockedCommandShortCircuits(t *testing.T) {
}
}

func TestRun_BlockedCommandJSONRedactsSecretLikeArguments(t *testing.T) {
t.Setenv("HOME", t.TempDir())
secretFragments := []string{"alpha", "bravo", "charlie", "delta"}
result := runReportedJSON(t, []string{
"sshx",
"-h=192.0.2.1",
"--json",
`sudo rm -rf / password="alpha bravo" --token "charlie delta"`,
})

if result["error_kind"] != "blocked" {
t.Fatalf("expected error_kind=blocked, got %v", result["error_kind"])
}
command, ok := result["command"].(string)
if !ok {
t.Fatalf("expected command string, got %T", result["command"])
}
if command != `sudo rm -rf / password=<redacted> --token <redacted>` {
t.Fatalf("unexpected redacted command: %q", command)
}
errText, ok := result["error"].(string)
if !ok {
t.Fatalf("expected error string, got %T", result["error"])
}
if !strings.Contains(errText, `password=<redacted> --token <redacted>`) {
t.Fatalf("expected redacted command in error, got %q", errText)
}
for _, fragment := range secretFragments {
if strings.Contains(command, fragment) {
t.Fatalf("command leaked secret fragment %q in %q", fragment, command)
}
if strings.Contains(errText, fragment) {
t.Fatalf("error leaked secret fragment %q in %q", fragment, errText)
}
}
}

func TestRun_JSONConfigFailuresDoNotConnect(t *testing.T) {
tests := []struct {
name string
Expand Down
4 changes: 2 additions & 2 deletions internal/app/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ func emitCommandJSON(config *sshclient.Config, authMethod sshclient.AuthMethod,
Host: config.Host,
Port: config.Port,
User: config.User,
Command: config.Command,
Command: redactSensitiveText(config.Command),
ExitCode: res.ExitCode,
Success: execErr == nil && res.ExitCode == 0,
Stdout: res.Stdout,
Expand All @@ -227,7 +227,7 @@ func emitCommandJSON(config *sshclient.Config, authMethod sshclient.AuthMethod,
ErrorKind: errKind,
}
if execErr != nil {
result.Error = execErr.Error()
result.Error = redactError(execErr)
if result.ExitCode == 0 {
result.ExitCode = -1
}
Expand Down
Loading