docs(auth export): documment --unmasked flag#366
docs(auth export): documment --unmasked flag#366secustor wants to merge 2 commits intogoogleworkspace:mainfrom
Conversation
🦋 Changeset detectedLatest commit: eefbe52 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request focuses on enhancing the clarity and usability of the Highlights
Changelog
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds documentation for the --unmasked flag of the auth export command. The changes correctly document the flag in the help text and add a doc comment to the handle_export function. However, I've identified a critical security vulnerability in the handle_export function where it could leak unmasked secrets to stdout if the credential file is corrupted. I've left a comment with details on how to fix this.
|
/gemini review |
1 similar comment
|
/gemini review |
There was a problem hiding this comment.
Code Review
The pull request introduces an --unmasked flag for the gws auth export command, allowing it to print full credentials, and updates the command's help documentation accordingly. A review comment highlights that the current argument parsing for the export subcommand is fragile, does not handle --help correctly, and ignores extra arguments, suggesting an improvement to enhance robustness and consistency with other subcommands.
| " --login Run `gws auth login` after successful setup\n", | ||
| " status Show current authentication state\n", | ||
| " export Print decrypted credentials to stdout\n", | ||
| " --unmasked Print full credentials including secrets (default: masked)\n", |
There was a problem hiding this comment.
Thank you for adding the documentation. While reviewing, I noticed the argument parsing for the export subcommand is fragile and can lead to incorrect behavior (e.g., --help is not handled, extra arguments are ignored).
For improved robustness and consistency with other subcommands, I recommend enhancing the parsing logic. Here's a suggestion to handle --help and make flag detection more flexible:
"export" => {
let sub_args = &args[1..];
if sub_args.iter().any(|a| a == "--help" || a == "-h") {
println!("Usage: gws auth export [--unmasked]\n\n Print decrypted credentials to stdout.\n\nFLAGS:\n --unmasked Print full credentials including secrets (default: masked)");
return Ok(());
}
let unmasked = sub_args.iter().any(|arg| arg == "--unmasked");
handle_export(unmasked).await
}A dedicated parsing function for export arguments, similar to login and setup, would be an even better long-term solution.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #366 +/- ##
==========================================
+ Coverage 61.72% 62.17% +0.44%
==========================================
Files 38 38
Lines 14603 14797 +194
==========================================
+ Hits 9014 9200 +186
- Misses 5589 5597 +8 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
3 participants
Description
Document
--unmaskedflag forgws auth exportChecklist:
AGENTS.mdguidelines (no generatedgoogle-*crates).cargo fmt --allto format the code perfectly.cargo clippy -- -D warningsand resolved all warnings.pnpx changeset) to document my changes.