(chocolatey#770) Disable showing of sensitive arguments

This commit replaces the values in sensitive arguments to instead show the translatable string `[REDACTED ARGUMENT]` to ensure that sensitive arguments are not displayed to the user. This relies on the ArgumentUtility helper to detect whether the sensitive argument should be shown or not.
AdmiringWorm · Jan 24, 2022 · 0baa8f4 · 0baa8f4
1 parent e704b2d
commit 0baa8f4
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 11 deletions.
diff --git a/Source/ChocolateyGui.Common.Windows/Services/PackageArgumentsService.cs b/Source/ChocolateyGui.Common.Windows/Services/PackageArgumentsService.cs
@@ -72,19 +72,28 @@ public IEnumerable<string> DecryptPackageArgumentsFile(string id, string version
                 ? arguments
                 : _encryptionUtility.decrypt_string(arguments);
 
+            // Lets do a global check first to see if there are any sensitive arguments
+            // before we filter out the values used later.
             var sensitiveArgs = ArgumentsUtility.arguments_contain_sensitive_information(packageArgumentsUnencrypted);
 
             var packageArgumentsSplit =
                 packageArgumentsUnencrypted.Split(new[] { " --" }, StringSplitOptions.RemoveEmptyEntries);
 
             foreach (var packageArgument in packageArgumentsSplit.or_empty_list_if_null())
             {
+                var isSensitiveArgument = sensitiveArgs && ArgumentsUtility.arguments_contain_sensitive_information(packageArgument);
+
                 var packageArgumentSplit =
                     packageArgument.Split(new[] { '=' }, 2, StringSplitOptions.RemoveEmptyEntries);
+
                 var optionName = packageArgumentSplit[0].to_string();
                 var optionValue = string.Empty;
 
-                if (packageArgumentSplit.Length == 2)
+                if (packageArgumentSplit.Length == 2 && isSensitiveArgument)
+                {
+                    optionValue = Resources.PackageArgumentService_RedactedArgument;
+                }
+                else if (packageArgumentSplit.Length == 2)
                 {
                     optionValue = packageArgumentSplit[1].to_string().remove_surrounding_quotes();
                     if (optionValue.StartsWith("'"))

diff --git a/Source/ChocolateyGui.Common/Properties/Resources.Designer.cs b/Source/ChocolateyGui.Common/Properties/Resources.Designer.cs
diff --git a/Source/ChocolateyGui.Common/Properties/Resources.resx b/Source/ChocolateyGui.Common/Properties/Resources.resx
@@ -1260,4 +1260,7 @@ Please contact your System Administrator to enable this operation.</value>
     <value>Arguments for the Package {0}</value>
     <comment>{0} = The Title of the package</comment>
   </data>
+  <data name="PackageArgumentService_RedactedArgument" xml:space="preserve">
+    <value>[REDACTED ARGUMENT]</value>
+  </data>
 </root>