CodeceptJS icon indicating copy to clipboard operation
CodeceptJS copied to clipboard
verified publisher icon codeceptjs

Not able to mask the payload and header with secret() method for REST and setCookie so that they are displayed in Allure report

Open AugustineAutoGit opened this issue 1 year ago • 8 comments

What are you trying to achieve?

Need to mask the payload and Headers in REST and setCookie that may contain sensitive information

What do you get instead?

Not able to mask the payload and header with secret() method. Hence the value is shown in Allure report. image

AugustineAutoGit avatar Dec 04 '24 06:12 AugustineAutoGit

@kobenguyent could you please have a look?

AugustineAutoGit avatar Dec 04 '24 06:12 AugustineAutoGit

hey @AugustineAutoGit per my knowledge, that thing shall be resolved by allure plugin quickly. Not sure if this shall be handled by codeceptjs, as those test files are generated by allure plugin.

kobenguyent avatar Dec 04 '24 15:12 kobenguyent

hi @kobenguyent But those steps are generated by CodeceptJS, like Allure plugin receives them from CodeceptJS only right? if the secret() method masking was working fine, then Allure will not get unmasked values. Also while in running with '--verbose', secret method is not masking as value are seen in logs as well. In the below screenshot I masked the payload, like 'I.sendPostRequest('/api/users.json', secret({ "email": "[email protected]" }));', but it's still visible image

AugustineAutoGit avatar Dec 05 '24 05:12 AugustineAutoGit

I could be wrong, but I think that, the proper way is that codeceptjs exposes the Step info as it is, the logs, plugins, etc shall mask the sensitive data as they desire. what do you think @DavertMik @AugustineAutoGit ?

kobenguyent avatar Dec 05 '24 12:12 kobenguyent

I could be wrong, but I think that, the proper way is that codeceptjs exposes the Step info as it is, the logs, plugins, etc shall mask the sensitive data as they desire. what do you think @DavertMik @AugustineAutoGit ?

@kobenguyent yes, but issue I am facing is the masking is not happening for REST

AugustineAutoGit avatar Dec 05 '24 12:12 AugustineAutoGit

@kobenguyent meanwhile do you have any boilerplate example repository which have used CodeceptJS with Feature files(Gherkin) and Playwright along with Allure report: allure-codeceptjs not the legacy: @codeceptjs/allure-legacy

AugustineAutoGit avatar Dec 05 '24 13:12 AugustineAutoGit

+100 to this request. The output library prints the Tokens when I.sendGetRequest or similar function is called with --verbose or --debug flag. Even with secret function, it's printed

gkushang avatar Dec 05 '24 16:12 gkushang

+100 to this request. The output library prints the Tokens when I.sendGetRequest or similar function is called with --verbose or --debug flag. Even with secret function, it's printed

@gkushang do you have any boilerplate example repository which have used CodeceptJS with Feature files(Gherkin) and Playwright along with Allure report: allure-codeceptjs not the legacy: @codeceptjs/allure-legacy ?

AugustineAutoGit avatar Dec 12 '24 13:12 AugustineAutoGit

Closing as Allure team addressed this already. See https://github.com/allure-framework/allure-js/pull/1208

kobenguyent avatar Aug 21 '25 15:08 kobenguyent