Closed grvillic closed 3 weeks ago
Attention: Patch coverage is 73.33333%
with 4 lines
in your changes missing coverage. Please review.
Project coverage is 76.3%. Comparing base (
dec038a
) to head (a172d54
).
Files | Patch % | Lines |
---|---|---|
...onentDetection.Common/Utilities/StringUtilities.cs | 72.7% | 3 Missing :warning: |
...ntDetection.Common/CommandLineInvocationService.cs | 66.6% | 1 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
👋 Hi! It looks like you modified some files in the Detectors
folder.
You may need to bump the detector versions if any of the following scenarios apply:
devDependencies
values than beforeIf none of the above scenarios apply, feel free to ignore this comment 🙂
Context
User reported PyPI CLI commands service was logging in telemetry file the credentials set in
PIP_INDEX_URL
environment variable. Since this variable is set dynamically by users we can't control what goes into it, but we still want to keep track in telemetry of the actual command output.Solution
We can sanitize the strings used in CLI before logging them, so we don't log any sensitive information. We can also add a 5 second timeout in case we see an unexpected command.