Redact bearer tokens in error messages #88
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rMessage function
There was a problem hiding this comment.
Pull Request Overview
This PR implements a new function, Set-RedactedString, to prevent exposure of sensitive Bearer tokens in error messages and logs. Key changes include:
- Introducing Set-RedactedString to redact sensitive information.
- Integrating Set-RedactedString with Export-Entra’s error and debug output.
- Updating the module manifest to export the new function.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/internal/Set-RedactedString.ps1 | New function for redacting sensitive strings in error messages. |
| src/Export-Entra.ps1 | Updated error and debug outputs to use Set-RedactedString. |
| src/EntraExporter.psd1 | Added Set-RedactedString to the export list. |
There was a problem hiding this comment.
Pull Request Overview
This pull request implements security enhancements by introducing a new function, Set-RedactedString, to redact sensitive information from error messages and logs, and integrates it within the Export-Entra function.
- Adds the Set-RedactedString function to process strings containing Bearer tokens and other secrets.
- Updates Export-Entra to pipe error and debug messages through the redaction function.
- Exports the new function via the module manifest to make it available to users.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/internal/Set-RedactedString.ps1 | Implements the new function to redact sensitive strings. |
| src/Export-Entra.ps1 | Updates error and debug outputs to use Set-RedactedString. |
| src/EntraExporter.psd1 | Adds Set-RedactedString to the export list for module access. |
Comments suppressed due to low confidence (1)
src/internal/Set-RedactedString.ps1:36
- [nitpick] Although PowerShell variables are case-insensitive, using '$pattern' instead of the previously defined '$Pattern' may lead to confusion. Consider using consistent casing for clarity.
$RedactedString = [regex]::Replace($InputString, $pattern, '${1}[REDACTED]')
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new function,
Set-RedactedString, to enhance security by redacting sensitive information in error messages and logs. It also integrates this functionality into existing code to ensure sensitive data is not exposed in debug or error output.This provides a potential fix for #74.
Security Enhancements:
Set-RedactedStringfunction to redact sensitive information such as Bearer tokens from strings. This function replaces sensitive data with[REDACTED]and supports both direct input and pipeline input. (src/internal/Set-RedactedString.ps1, src/internal/Set-RedactedString.ps1R1-R43)Export-Entrafunction to useSet-RedactedStringfor redacting sensitive information in debug and error messages. (src/Export-Entra.ps1, src/Export-Entra.ps1L148-R150)Module Updates:
Set-RedactedStringto theFunctionsToExportlist in the module manifest to make it accessible as part of the module. (src/EntraExporter.psd1, src/EntraExporter.psd1R82)