[recorder] Sanitize tokens in recorded tests for auth
See original GitHub issueWe’ll need to sanitize token values in both headers and message bodies in our tests once.
In the .NET test framework, I needed to add:
- Sanitization for tokens in headers values
- Sanitization for tokens in message bodies
For message bodies, .NET did not support sanitization of application/x-www-form-urlencoded
content types. This needed to be added specially to the ACR-specific sanitizer.
I don’t know how the test framework works in other languages, but this issue represents the work to investigate and implement sanitization in recorded tests so we don’t check in secrets in our test recordings.
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (5 by maintainers)
Top Results From Across the Web
Writing Tests for github3.py — github3.py 3.2.0 documentation
Recording Cassettes that Require Authentication/Authorization¶ ... If you are concerned that your credentials will be saved, you need not worry. Betamax sanitizes ......
Read more >Need to regenerate records if matchRequestsBy changes #193
FWIW I am just starting to use polly for a workflow of: Record with a secret token (to get back valid responses from...
Read more >Recording Web load test project in visual studio - Stack Overflow
After we do login in url, it is getting failed in visual studio. As login has some authentication token,ids etc. So how can...
Read more >Testing with VCR and Token Authentication - Element 84
VCR allows you to create a Custom RequestMatcher. With this, we can create a matcher that ignores the auth token (or other problematic/mutable ......
Read more >Qualys Browser Recorder User Guide
Qualys Browser Recorder is a free browser extension to record & play back scripts for web application automation testing. Qualys Browser ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I believe this has been addressed in the unified recorder?
Sure!
Here is the PR: https://github.com/Azure/azure-sdk-for-net/pull/19696
You can see the
ContainerRegistryRecordedTestSanitizer
class I added for .NET here: https://github.com/Azure/azure-sdk-for-net/pull/19696/files?file-filters[]=.cs#diff-df9ae6fe8cf7eaf74104691a4fe7b2aeb4890d35aa6432ec4688154451429879R11