[MM-67502] Sanitize secret plugin settings inside sections (#35214)

This commit is contained in:
Ben Schumacher 2026-02-10 08:24:21 +01:00 committed by GitHub
parent 76b3528c2b
commit 9e7cd64800
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 94 additions and 0 deletions

View file

@ -3539,6 +3539,15 @@ func (s *PluginSettings) Sanitize(pluginManifests []*Manifest) {
break
}
}
for _, section := range manifest.SettingsSchema.Sections {
for _, definedSetting := range section.Settings {
if definedSetting.Secret && strings.EqualFold(definedSetting.Key, key) {
settings[key] = FakeSetting
break
}
}
}
}
}
}

View file

@ -1790,6 +1790,91 @@ func TestPluginSettingsSanitize(t *testing.T) {
},
},
},
"secret settings in sections are sanitized": {
manifests: []*Manifest{
{
Id: pluginID1,
SettingsSchema: &PluginSettingsSchema{
Settings: []*PluginSetting{
{
Key: "somesetting",
Type: "text",
Secret: false,
},
},
Sections: []*PluginSettingsSection{
{
Key: "section1",
Settings: []*PluginSetting{
{
Key: "secrettext",
Type: "text",
Secret: true,
},
{
Key: "secretnumber",
Type: "number",
Secret: true,
},
},
},
},
},
},
},
expected: map[string]map[string]any{
pluginID1: {
"someoldsettings": "some old value",
"somesetting": "some value",
"secrettext": FakeSetting,
"secretnumber": FakeSetting,
},
},
},
"secret settings across multiple sections": {
manifests: []*Manifest{
{
Id: pluginID1,
SettingsSchema: &PluginSettingsSchema{
Sections: []*PluginSettingsSection{
{
Key: "section1",
Settings: []*PluginSetting{
{
Key: "somesetting",
Type: "text",
Secret: false,
},
{
Key: "secrettext",
Type: "text",
Secret: true,
},
},
},
{
Key: "section2",
Settings: []*PluginSetting{
{
Key: "secretnumber",
Type: "number",
Secret: true,
},
},
},
},
},
},
},
expected: map[string]map[string]any{
pluginID1: {
"someoldsettings": "some old value",
"somesetting": "some value",
"secrettext": FakeSetting,
"secretnumber": FakeSetting,
},
},
},
} {
t.Run(name, func(t *testing.T) {
c := PluginSettings{}