Update sanitize function

README.md

@@ -31,7 +31,6 @@
     <a href="https://github.com/Checkmarx/ast-cli/issues/new/choose">Report Bug</a>
     ·
     <a href="https://github.com/Checkmarx/ast-cli/issues/new/choose">Request Feature</a>
-  </p>
 </p>
 
 

internal/commands/auth.go

@@ -134,11 +134,13 @@ func runRegister(authWrapper wrappers.AuthWrapper) func(cmd *cobra.Command, args
 		if username == "" {
 			return errors.Errorf(pleaseProvideFlag, failedCreatingClient, params.UsernameFlag)
 		}
+		viper.Set(params.UsernameFlag, username)
 
 		password, _ := cmd.Flags().GetString(params.PasswordFlag)
 		if password == "" {
 			return errors.Errorf(pleaseProvideFlag, failedCreatingClient, params.PasswordFlag)
 		}
+		viper.Set(params.PasswordFlag, password)
 
 		roles, _ := cmd.Flags().GetStringSlice(params.ClientRolesFlag)
 		err := validateRoles(roles)

internal/commands/project.go

@@ -9,8 +9,9 @@ import (
 	"github.com/MakeNowJust/heredoc"
 	"github.com/checkmarx/ast-cli/internal/commands/util"
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
-
+	"github.com/checkmarx/ast-cli/internal/logger"
 	commonParams "github.com/checkmarx/ast-cli/internal/params"
+	"github.com/spf13/viper"
 
 	"github.com/pkg/errors"
 
@@ -306,7 +307,7 @@ func runCreateProjectCommand(
 		}
 		var payload []byte
 		payload, _ = json.Marshal(projModel)
-		PrintIfVerbose(fmt.Sprintf("Payload to projects service: %s\n", string(payload)))
+		logger.PrintIfVerbose(fmt.Sprintf("Payload to projects service: %s\n", string(payload)))
 		projResponseModel, errorModel, err = projectsWrapper.Create(&projModel)
 		if err != nil {
 			return errors.Wrapf(err, "%s", failedCreatingProj)
@@ -350,6 +351,8 @@ func updateProjectConfigurationIfNeeded(cmd *cobra.Command, projectsWrapper wrap
 				return sshErr
 			}
 
+			viper.Set(commonParams.SSHValue, sshKey)
+
 			sshKeyConf := getProjectConfiguration(sshConfKey, "sshKey", git, projOriginLevel, sshKey, "Secret", true)
 
 			projectConfigurations = append(projectConfigurations, sshKeyConf)
@@ -435,6 +438,7 @@ func runListProjectsCommand(projectsWrapper wrappers.ProjectsWrapper) func(cmd *
 		if err != nil {
 			return errors.Wrapf(err, "%s\n", failedGettingAll)
 		}
+
 		// Checking the response
 		if errorModel != nil {
 			return errors.Errorf(ErrorCodeFormat, failedGettingAll, errorModel.Code, errorModel.Message)

internal/commands/root.go

@@ -9,6 +9,7 @@ import (
 	"github.com/MakeNowJust/heredoc"
 	"github.com/checkmarx/ast-cli/internal/commands/util"
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
+	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/pkg/errors"
 
@@ -147,23 +148,9 @@ func NewAstCLI(
 const configFormatString = "%30v: %s"
 
 func PrintConfiguration() {
-	if viper.GetBool(params.DebugFlag) {
-		log.Println("CLI Configuration:")
-		for param := range util.Properties {
-			if param == "cx_client_secret" && len(viper.GetString(param)) > 0 {
-				log.Println(fmt.Sprintf(configFormatString, param, "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"))
-			} else if param == "cx_apikey" && len(viper.GetString(param)) > 0 {
-				log.Println(fmt.Sprintf(configFormatString, param, "XXXXXXXXXXXXXXXXXXXXX"))
-			} else {
-				log.Println(fmt.Sprintf(configFormatString, param, viper.GetString(param)))
-			}
-		}
-	}
-}
-
-func PrintIfVerbose(msg string) {
-	if viper.GetBool(params.DebugFlag) {
-		log.Println(msg)
+	logger.PrintIfVerbose("CLI Configuration:")
+	for param := range util.Properties {
+		logger.PrintIfVerbose(fmt.Sprintf(configFormatString, param, viper.GetString(param)))
 	}
 }
 

internal/commands/scan.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/checkmarx/ast-cli/internal/commands/util"
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
+	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/google/shlex"
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
@@ -641,7 +642,7 @@ func compressFolder(sourceDir, filter, userIncludeFilter, scaResolver string) (s
 	if err != nil {
 		return "", err
 	}
-	PrintIfVerbose(fmt.Sprintf("Zip size:  %.2fMB\n", float64(stat.Size())/mbBytes))
+	logger.PrintIfVerbose(fmt.Sprintf("Zip size:  %.2fMB\n", float64(stat.Size())/mbBytes))
 	return outputFile.Name(), err
 }
 
@@ -667,13 +668,13 @@ func addDirFilesIgnoreFilter(zipWriter *zip.Writer, baseDir, parentDir string) e
 	}
 	for _, file := range files {
 		if file.IsDir() {
-			PrintIfVerbose("Directory: " + file.Name())
+			logger.PrintIfVerbose("Directory: " + file.Name())
 			newParent := parentDir + file.Name() + "/"
 			newBase := baseDir + file.Name() + "/"
 			err = addDirFilesIgnoreFilter(zipWriter, newBase, newParent)
 		} else {
 			fileName := parentDir + file.Name()
-			PrintIfVerbose("Included: " + fileName)
+			logger.PrintIfVerbose("Included: " + fileName)
 			dat, _ := ioutil.ReadFile(fileName)
 
 			f, _ := zipWriter.Create(baseDir + file.Name())
@@ -715,7 +716,7 @@ func handleFile(
 ) error {
 	fileName := parentDir + file.Name()
 	if filterMatched(includeFilters, file.Name()) && filterMatched(filters, file.Name()) {
-		PrintIfVerbose("Included: " + fileName)
+		logger.PrintIfVerbose("Included: " + fileName)
 		dat, err := ioutil.ReadFile(parentDir + file.Name())
 		if err != nil {
 			if os.IsNotExist(err) {
@@ -732,7 +733,7 @@ func handleFile(
 			return err
 		}
 	} else {
-		PrintIfVerbose("Excluded: " + fileName)
+		logger.PrintIfVerbose("Excluded: " + fileName)
 	}
 	return nil
 }
@@ -747,7 +748,7 @@ func handleDir(
 ) error {
 	// Check if folder belongs to the disabled exclusions
 	if commonParams.DisabledExclusions[file.Name()] {
-		PrintIfVerbose("The folder " + file.Name() + " is being included")
+		logger.PrintIfVerbose("The folder " + file.Name() + " is being included")
 		newParent, newBase := GetNewParentAndBase(parentDir, file, baseDir)
 		return addDirFilesIgnoreFilter(zipWriter, newBase, newParent)
 	}
@@ -760,7 +761,7 @@ func handleDir(
 				return err
 			}
 			if match {
-				PrintIfVerbose("Excluded: " + parentDir + file.Name() + "/")
+				logger.PrintIfVerbose("Excluded: " + parentDir + file.Name() + "/")
 				return nil
 			}
 		}
@@ -770,7 +771,7 @@ func handleDir(
 }
 
 func GetNewParentAndBase(parentDir string, file fs.FileInfo, baseDir string) (newParent, newBase string) {
-	PrintIfVerbose("Directory: " + parentDir + file.Name())
+	logger.PrintIfVerbose("Directory: " + parentDir + file.Name())
 	newParent = parentDir + file.Name() + "/"
 	newBase = baseDir + file.Name() + "/"
 	return newParent, newBase
@@ -829,13 +830,13 @@ func runScaResolver(sourceDir, scaResolver, scaResolverParams string) error {
 		if err != nil {
 			return errors.Errorf("%s", err)
 		}
-		PrintIfVerbose(string(out))
+		logger.PrintIfVerbose(string(out))
 	}
 	return nil
 }
 
 func addScaResults(zipWriter *zip.Writer) error {
-	PrintIfVerbose("Included SCA Results: " + ".cxsca-results.json")
+	logger.PrintIfVerbose("Included SCA Results: " + ".cxsca-results.json")
 	dat, err := ioutil.ReadFile(scaResolverResultsFile)
 	_ = os.Remove(scaResolverResultsFile)
 	if err != nil {
@@ -908,7 +909,7 @@ func getUploadURLFromSource(
 		if zipFilePathErr != nil {
 			return "", errors.Wrapf(zipFilePathErr, "%s: Failed to upload sources file\n", failedCreating)
 		}
-		PrintIfVerbose(fmt.Sprintf("Uploading file to %s\n", *preSignedURL))
+		logger.PrintIfVerbose(fmt.Sprintf("Uploading file to %s\n", *preSignedURL))
 		return *preSignedURL, zipFilePathErr
 	}
 	return preSignedURL, nil
@@ -932,13 +933,13 @@ func UnzipFile(f string) (string, error) {
 
 	for _, f := range archive.File {
 		filePath := filepath.Join(tempDir, f.Name)
-		PrintIfVerbose("unzipping file " + filePath + "...")
+		logger.PrintIfVerbose("unzipping file " + filePath + "...")
 
 		if !strings.HasPrefix(filePath, filepath.Clean(tempDir)+string(os.PathSeparator)) {
 			return "", errors.New("invalid file path " + filePath)
 		}
 		if f.FileInfo().IsDir() {
-			PrintIfVerbose("creating directory...")
+			logger.PrintIfVerbose("creating directory...")
 			err = os.MkdirAll(filePath, os.ModePerm)
 			if err != nil {
 				return "", errors.Errorf("%s %s", errorUnzippingFile, err.Error())
@@ -1155,6 +1156,10 @@ func setupScanHandler(
 
 func defineSSHCredentials(sshKeyPath string, handler *wrappers.ScanHandler) error {
 	sshKey, err := util.ReadFileAsString(sshKeyPath)
+	if err != nil {
+		return err
+	}
+	viper.Set(commonParams.SSHValue, sshKey)
 
 	credentials := wrappers.GitCredentials{}
 
@@ -1163,7 +1168,7 @@ func defineSSHCredentials(sshKeyPath string, handler *wrappers.ScanHandler) erro
 
 	handler.Credentials = credentials
 
-	return err
+	return nil
 }
 
 func handleWait(
@@ -1238,7 +1243,7 @@ func applyThreshold(
 		currentValue := summaryMap[key]
 		failed := currentValue >= thresholdLimit
 		logMessage := fmt.Sprintf(thresholdLog, key, thresholdLimit, currentValue)
-		PrintIfVerbose(logMessage)
+		logger.PrintIfVerbose(logMessage)
 
 		if failed {
 			errorBuilder.WriteString(fmt.Sprintf("%s | ", logMessage))

internal/commands/util/usercount/gitlab.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
+	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/pkg/errors"
@@ -151,7 +152,7 @@ func collectFromGitLabGroups(gitLabWrapper wrappers.GitLabWrapper) (
 					repoAccessLevelDisabled) || strings.EqualFold(
 					gitLabProject.RepoAccessLevel,
 					repoAccessLevelPrivate) {
-					wrappers.PrintIfVerbose(
+					logger.PrintIfVerbose(
 						fmt.Sprintf(
 							"Skipping the project %s because of empty repository.",
 							gitLabProject.PathWithNameSpace))
@@ -191,7 +192,7 @@ func collectFromUser(gitLabWrapper wrappers.GitLabWrapper) (
 		if gitLabProject.EmptyRepo || strings.EqualFold(
 			gitLabProject.RepoAccessLevel,
 			repoAccessLevelDisabled) || strings.EqualFold(gitLabProject.RepoAccessLevel, repoAccessLevelPrivate) {
-			wrappers.PrintIfVerbose(
+			logger.PrintIfVerbose(
 				fmt.Sprintf(
 					"Skipping the project %s because of empty repository.", gitLabProject.PathWithNameSpace))
 		} else {

internal/logger/utils.go

@@ -0,0 +1,58 @@
+package logger
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"net/http/httputil"
+	"strings"
+	"unicode/utf8"
+
+	"github.com/checkmarx/ast-cli/internal/params"
+	"github.com/spf13/viper"
+)
+
+var sanitizeFlags = []string{
+	params.AstAPIKey, params.AccessKeyIDConfigKey, params.AccessKeySecretConfigKey,
+	params.UsernameFlag, params.PasswordFlag,
+	params.AstToken, params.SSHValue,
+	params.SCMTokenFlag,
+}
+
+func PrintIfVerbose(msg string) {
+	if viper.GetBool(params.DebugFlag) {
+		if utf8.Valid([]byte(msg)) {
+			log.Print(sanitizeLogs(msg))
+		} else {
+			log.Print("Request contains binary data and cannot be printed!")
+		}
+	}
+}
+
+func PrintRequest(r *http.Request) {
+	PrintIfVerbose("Sending API request to:")
+	requestDump, err := httputil.DumpRequest(r, true)
+	if err != nil {
+		fmt.Println(err)
+	}
+	PrintIfVerbose(string(requestDump))
+}
+
+func PrintResponse(r *http.Response, body bool) {
+	PrintIfVerbose("Receiving API response:")
+	requestDump, err := httputil.DumpResponse(r, body)
+	if err != nil {
+		fmt.Println(err)
+	}
+	PrintIfVerbose(string(requestDump))
+}
+
+func sanitizeLogs(msg string) string {
+	for _, flag := range sanitizeFlags {
+		value := viper.GetString(flag)
+		if len(value) > 0 {
+			msg = strings.ReplaceAll(msg, value, "***")
+		}
+	}
+	return msg
+}

internal/params/flags.go

@@ -100,14 +100,14 @@ const (
 	QueryIDFlag              = "query-id"
 	SSHKeyFlag               = "ssh-key"
 	RepoURLFlag              = "repo-url"
-
-	// INDIVIDUAL FILTER	FLAGS
-	SastFilterFlag  = "sast-filter"
-	SastFilterUsage = "SAST filter"
-	KicsFilterFlag  = "kics-filter"
-	KicsFilterUsage = "KICS filter"
-	ScaFilterFlag   = "sca-filter"
-	ScaFilterUsage  = "SCA filter"
+	AstToken                 = "ast-token"
+	SSHValue                 = "ssh-value"
+	SastFilterFlag           = "sast-filter"
+	SastFilterUsage          = "SAST filter"
+	KicsFilterFlag           = "kics-filter"
+	KicsFilterUsage          = "KICS filter"
+	ScaFilterFlag            = "sca-filter"
+	ScaFilterUsage           = "SCA filter"
 )
 
 // Parameter values

internal/wrappers/azure-http.go

@@ -9,6 +9,7 @@ import (
 
 	b64 "encoding/base64"
 
+	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/pkg/errors"
 	"github.com/spf13/viper"
@@ -82,8 +83,6 @@ func (g *AzureHTTPWrapper) GetProjects(url, organizationName, token string) (Azu
 func (g *AzureHTTPWrapper) get(url, token string, target interface{}, queryParams map[string]string, authFormat string) error {
 	var err error
 
-	PrintIfVerbose(fmt.Sprintf("Request to %s", url))
-
 	req, err := http.NewRequest(http.MethodGet, url, nil)
 	if err != nil {
 		return err
@@ -99,13 +98,19 @@ func (g *AzureHTTPWrapper) get(url, token string, target interface{}, queryParam
 	}
 	req.URL.RawQuery = q.Encode()
 	resp, err := g.client.Do(req)
+
 	if err != nil {
 		return err
 	}
 
+	logger.PrintRequest(req)
+
 	defer func() {
 		_ = resp.Body.Close()
 	}()
+
+	logger.PrintResponse(resp, true)
+
 	switch resp.StatusCode {
 	case http.StatusOK:
 		err = json.NewDecoder(resp.Body).Decode(target)

internal/wrappers/bfl-http.go

@@ -41,7 +41,6 @@ func handleBflResponseWithBody(resp *http.Response, err error) (*BFLResponseMode
 		return nil, nil, err
 	}
 
-	PrintIfVerbose(fmt.Sprintf("Response : %s", resp.Status))
 	decoder := json.NewDecoder(resp.Body)
 
 	defer func() {