Escape value being scrubbed

2020-08-20 18:03:01 -05:00 · 2020-08-20 18:03:01 -05:00 · e2f012ff58
commit e2f012ff58
parent bb5d0e9c28
2 changed files with 13 additions and 1 deletions
--- a/lib/vagrant/util/credential_scrubber.rb
+++ b/lib/vagrant/util/credential_scrubber.rb
@ -32,7 +32,7 @@ module Vagrant
      def self.desensitize(string)
        string = string.to_s.dup
        sensitive_strings.each do |remove|
-          string.gsub!(/(\W|^)#{remove}(\W|$)/, " #{REPLACEMENT_TEXT} ")
+          string.gsub!(/(\W|^)#{Regexp.escape(remove)}(\W|$)/, "\\1#{REPLACEMENT_TEXT}\\2")
        end
        string
      end
--- a/test/unit/vagrant/util/credential_scrubber_test.rb
+++ b/test/unit/vagrant/util/credential_scrubber_test.rb
@ -107,5 +107,17 @@ describe Vagrant::Util::CredentialScrubber do
        expect(result).to include("my-cats-birthday")
      end
    end
+
+    context "with sensitive words that are part of non-sensitive words" do
+      let(:to_scrub){ ["avery@strange/string^indeed!"] }
+      let(:string){ "a line of text with avery@strange/string^indeed! my-birthday and my-cats-birthday embedded" }
+
+      it "should work for strings with escape characters" do
+        result = subject.desensitize(string)
+        to_scrub.each do |registered_value|
+          expect(result).not_to include(registered_value)
+        end
+      end
+    end
  end
 end