aiden
/
depot_tools
mirror of https://chromium.googlesource.com/chromium/tools/depot_tools
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ninjalog_uploader: Collect all GN args except sensitive information

Browse Source 
Bug: 364971744
Fixed: 364971744
Change-Id: Ia09ba43f3cd12638923b3add458f2f32f9a03860
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5836322
Commit-Queue: Junji Watanabe <jwata@google.com>
Auto-Submit: Junji Watanabe <jwata@google.com>
Reviewed-by: Fumitoshi Ukai <ukai@google.com>
Reviewed-by: Takuto Ikuta <tikuta@chromium.org>
Commit-Queue: Fumitoshi Ukai <ukai@google.com>
changes/22/5836322/6
Junji Watanabe 8 months ago committed by LUCI CQ
parent 43691064b4
commit 4250face7b
2 changed files with 53 additions and 25 deletions
Show Stats Download Patch File Download Diff File

47
ninjalog_uploader.py
Unescape Escape View File

@ -17,6 +17,7 @@ See also the privacy review. http://eldar/assessments/656778450
"""
import argparse
import getpass
import gzip
import http
import io
@ -33,41 +34,39 @@ import urllib.request
import build_telemetry
# These build configs affect build performance.
ALLOWLISTED_CONFIGS = (
"android_static_analysis",
"blink_symbol_level",
"disable_android_lint",
"enable_nacl",
"host_cpu",
"host_os",
"incremental_install",
"is_component_build",
"is_debug",
"is_java_debug",
"symbol_level",
"target_cpu",
"target_os",
"treat_warnings_as_errors",
"use_errorprone_java_compiler",
"use_remoteexec",
"use_siso",
# Configs that should not be uploaded as is.
SENSITIVE_CONFIGS = (
"google_api_key",
"google_default_client_id",
"google_default_client_secret",
"ios_credential_provider_extension_api_key",
"ios_credential_provider_extension_client_id",
"ios_encryption_export_compliance_code",
"ios_google_test_oauth_client_id",
"ios_google_test_oauth_client_secret",
)
def ParseGNArgs(gn_args):
"""Parse gn_args as json and return config dictionary."""
configs = json.loads(gn_args)
build_configs = {}
user = getpass.getuser()
for config in configs:
key = config["name"]
if key not in ALLOWLISTED_CONFIGS:
continue
if "current" in config:
build_configs[key] = config["current"]["value"]
value = config["current"]["value"]
else:
build_configs[key] = config["default"]["value"]
value = config["default"]["value"]
value = value.strip('"')
if key in SENSITIVE_CONFIGS and value:
value = '<omitted>'
# Do not upload username.
if os.path.isabs(value):
value = os.path.join(*[
p if p != user else "$USER" for p in pathlib.Path(value).parts
])
build_configs[key] = value
return build_configs

31
tests/ninjalog_uploader_test.py
Unescape Escape View File

@ -41,7 +41,7 @@ class NinjalogUploaderTest(unittest.TestCase):
},
])), {
'is_component_build': 'true',
'host_cpu': '"x64"',
'host_cpu': 'x64',
})
self.assertEqual(
@ -70,6 +70,35 @@ class NinjalogUploaderTest(unittest.TestCase):
'use_remoteexec': 'false'
})
# Do not include sensitive information.
with unittest.mock.patch('getpass.getuser', return_value='bob'):
args = ninjalog_uploader.ParseGNArgs(
json.dumps([
{
'current': {
'value': 'xyz'
},
'default': {
'value': ''
},
'name': 'google_api_key'
},
{
'current': {
'value': '/home/bob/bobo'
},
'default': {
'value': ''
},
'name': 'path_with_homedir'
},
]))
self.assertEqual(
args, {
'google_api_key': '<omitted>',
'path_with_homedir': '/home/$USER/bobo',
})
def test_get_ninjalog(self):
# No args => default to cwd.
self.assertEqual(ninjalog_uploader.GetNinjalog(['ninja']),

Write Preview
Loading…
Cancel
Save