Scrub credentials as whole words, don't capture matching substrings

2020-08-18 11:38:04 -05:00 · 2020-08-18 11:38:04 -05:00 · 27b37ea838
commit 27b37ea838
parent 2063111ab5
2 changed files with 14 additions and 1 deletions
--- a/lib/vagrant/util/credential_scrubber.rb
+++ b/lib/vagrant/util/credential_scrubber.rb
@ -32,7 +32,7 @@ module Vagrant
      def self.desensitize(string)
        string = string.to_s.dup
        sensitive_strings.each do |remove|
-          string.gsub!(remove, REPLACEMENT_TEXT)
+          string.gsub!(/(\W|^)#{remove}(\W|$)/, " #{REPLACEMENT_TEXT} ")
        end
        string
      end
--- a/test/unit/vagrant/util/credential_scrubber_test.rb
+++ b/test/unit/vagrant/util/credential_scrubber_test.rb
@ -94,5 +94,18 @@ describe Vagrant::Util::CredentialScrubber do
        end
      end
    end
+
+    context "with sensitive words that are part of non-sensitive words" do
+      let(:to_scrub){ ["a"] }
+     
+      it "should not remove parts of words" do
+        result = subject.desensitize(string)
+        to_scrub.each do |registered_value|
+          expect(result).not_to match(/(\W|^)#{registered_value}(\W|$)/)
+        end
+        expect(result).to include("my-birthday")
+        expect(result).to include("my-cats-birthday")
+      end
+    end
  end
 end