From 8109c962f09d9acc473d92c595ff43afceddb347 Mon Sep 17 00:00:00 2001
From: eric sciple <ericsciple@users.noreply.github.com>
Date: Fri, 5 Mar 2021 15:17:55 -0600
Subject: [PATCH] mask secrets with double-quotes when passed to docker command
 line (#1002)

---
 src/Runner.Common/HostContext.cs           | 1 +
 src/Sdk/DTLogging/Logging/ValueEncoders.cs | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/src/Runner.Common/HostContext.cs b/src/Runner.Common/HostContext.cs
index 8126f8c957c..d4ea48c39b2 100644
--- a/src/Runner.Common/HostContext.cs
+++ b/src/Runner.Common/HostContext.cs
@@ -84,6 +84,7 @@ public HostContext(string hostType, string logFile = null)
             this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscapeShift1);
             this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscapeShift2);
+            this.SecretMasker.AddValueEncoder(ValueEncoders.CommandLineArgumentEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.ExpressionStringEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.UriDataEscape);
diff --git a/src/Sdk/DTLogging/Logging/ValueEncoders.cs b/src/Sdk/DTLogging/Logging/ValueEncoders.cs
index 6a96c17206b..3f30dd54029 100644
--- a/src/Sdk/DTLogging/Logging/ValueEncoders.cs
+++ b/src/Sdk/DTLogging/Logging/ValueEncoders.cs
@@ -37,6 +37,12 @@ public static String Base64StringEscapeShift2(String value)
             return Base64StringEscapeShift(value, 2);
         }
 
+        // Used when we pass environment variables to docker to escape " with \"
+        public static String CommandLineArgumentEscape(String value)
+        {
+            return value.Replace("\"", "\\\"");
+        }
+
         public static String ExpressionStringEscape(String value)
         {
             return Expressions2.Sdk.ExpressionUtility.StringEscape(value);