Merge pull request #37 from DelineaXPM/delineaSagar.fixSecurityIssue

Used isPassword flag to check secret field instead of field name
DelineaXPM · May 25, 2023 · 8370797 · 8370797
2 parents e7c2834 + 45728e9
commit 8370797
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 21 deletions.
diff --git a/DSSV1/index.ts b/DSSV1/index.ts
@@ -58,7 +58,7 @@ async function run() {
                         if (field.slug) {
                             let name: string = taskParameters.getVariableName(field.slug);
                             let value: string = field.itemValue;
-                            let secret: boolean = taskParameters.isSecret(name);
+                            let secret: boolean = field.isPassword ?? false;
                             tl.setVariable(name, value, secret);
                             console.log(`Stored value for field '${fieldName}' in the variable '${name}' (secret: ${secret})`);
                         }
@@ -83,4 +83,4 @@ async function run() {
     }
 }
 
-run();
+run();
diff --git a/DSSV1/models/ServerTaskParameters.ts b/DSSV1/models/ServerTaskParameters.ts
@@ -60,24 +60,6 @@ export class ServerTaskParameters {
         return this.variablePrefix ? this.variablePrefix + fieldName : fieldName;
     }
 
-    /**
-     * Determines whether the field should be considered 'secret'
-     * @param fieldName is the field name or slug in the secret field
-     */
-    public isSecret(fieldName: string): boolean {
-		let secrets: Array<string>;
-		secrets = ['password', 'private'];
-        let lowered: string = fieldName.toLowerCase();
-
-		for (let secret of secrets) {
-			if (lowered.indexOf(secret) != -1) {
-				return true;
-			}
-		}
-
-		return false;
-    }
-
     /**
      * Determines if all the fields should be read from the secret.
      * @returns true if the filter is "*" or undefined/empty, false otherwise.
@@ -125,4 +107,4 @@ export class ServerTaskParameters {
 
         return fieldNames;
     }
-}
+}