tetragon: Add redact test for environment variables

Signed-off-by: Jiri Olsa <[email protected]>

Author: olsajiri

pkg/fieldfilters/redaction_test.go

@@ -78,6 +78,7 @@ func TestRedact_Simple(t *testing.T) {
 	redacted, _ := filters.Redact("", args, "")
 	assert.Equal(t, "--verbose=true --password "+REDACTION_STR+" --username foobar", redacted)
 }
+
 func TestRedact_BinaryFilter(t *testing.T) {
 	args := "--verbose=true --password ybx511!ackt544 --username foobar"
 
@@ -102,3 +103,27 @@ func TestRedact_Multi(t *testing.T) {
 	redacted, _ := filters.Redact("", args, "")
 	assert.Equal(t, "--verbose=true --password "+REDACTION_STR+" --username foobar "+REDACTION_STR+"cake "+REDACTION_STR+" innocent", redacted)
 }
+
+func TestRedact_Envs(t *testing.T) {
+	envs := "VAR1=XXX SSH_PASSWORD=verysecretpassword VAR2=YYY"
+
+	filterList := `{"redact": ["(?:SSH_PASSWORD)[\\s=]+(\\S+)"]}`
+	filters, err := ParseRedactionFilterList(filterList)
+	require.NoError(t, err)
+
+	_, redacted := filters.Redact("", "", envs)
+	assert.Equal(t, "VAR1=XXX SSH_PASSWORD="+REDACTION_STR+" VAR2=YYY", redacted)
+}
+
+func TestRedact_ArgsWithEnvs(t *testing.T) {
+	args := "--verbose=true --password ybx511!ackt544 --username foobar cheesecake TOPSECRET innocent"
+	envs := "VAR1=XXX SSH_PASSWORD=verysecretpassword VAR2=YYY"
+
+	filterList := `{"redact": ["(?:--password|-p)[\\s=]+(\\S+)", "\\W(TOPSECRET)\\W", "(cheese)cake", "(?:SSH_PASSWORD)[\\s=]+(\\S+)"]}`
+	filters, err := ParseRedactionFilterList(filterList)
+	require.NoError(t, err)
+
+	args, envs = filters.Redact("", args, envs)
+	assert.Equal(t, "--verbose=true --password "+REDACTION_STR+" --username foobar "+REDACTION_STR+"cake "+REDACTION_STR+" innocent", args)
+	assert.Equal(t, "VAR1=XXX SSH_PASSWORD="+REDACTION_STR+" VAR2=YYY", envs)
+}