microsoft / component-detection

Scans your project to determine what components you use
MIT License

Simple sanitization in strings used in CLI before logging #1155

Closed grvillic closed 3 weeks ago

grvillic commented 3 weeks ago

Context

A user reported that the PyPI CLI commands service was logging, in the telemetry file, the credentials set in the PIP_INDEX_URL environment variable. Since this variable is set dynamically by users, we can't control what goes into it, but we still want to keep track in telemetry of the actual command output.

Solution

We can sanitize the strings used in the CLI before logging them, so we don't log any sensitive information. We can also add a 5-second timeout in case we see an unexpected command.
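As an added illustration of the redaction this PR describes (example code, not the project's C# `StringUtilities`), the Python sketch below strips the userinfo part of any URL found in a pip command line or in `PIP_*` environment values before the line is written to telemetry. The regex is written without nested quantifiers so it scans in linear time; the 5-second timeout mentioned above is a .NET regex feature with no counterpart in Python's `re`, so it is not reproduced. All inputs shown are constructed.

```python
import re

REDACTED = "***"

# An absolute URL whose authority carries userinfo ("user:pass@" or "token@").
# The character classes exclude whitespace, "/" and "@", so matching is linear
# and cannot run away on long or hostile input.
_URL_WITH_USERINFO = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.\-]*://)"  # e.g. https://
    r"[^\s/@]+@"                                # user:s3cr3t@  (this part is dropped)
    r"(?P<rest>[^\s\"']+)"                      # host[:port]/path?query
)


def sanitize_for_logging(text: str) -> str:
    """Return text with the userinfo of every embedded URL replaced by '***'."""
    return _URL_WITH_USERINFO.sub(
        lambda m: f"{m['scheme']}{REDACTED}@{m['rest']}", text
    )


def sanitize_invocation(command: str, args: list[str], env: dict[str, str]) -> str:
    """Build the single telemetry line for a CLI call, with credentials redacted.

    Only tool-relevant environment variables (PIP_*) are included, and their
    values go through the same redaction as the command line itself.
    """
    command_line = sanitize_for_logging(" ".join([command, *args]))
    relevant_env = {k: v for k, v in env.items() if k.upper().startswith("PIP_")}
    env_text = " ".join(
        f"{k}={sanitize_for_logging(v)}" for k, v in sorted(relevant_env.items())
    )
    return f"{command_line} [env: {env_text}]" if env_text else command_line


if __name__ == "__main__":
    # Constructed sample: a token in --index-url and a user:password pair in
    # PIP_INDEX_URL; both must be redacted, the unrelated PATH is not logged.
    print(sanitize_invocation(
        "pip",
        ["download", "--index-url", "https://tok3n@pkgs.example.org/simple", "requests"],
        {"PIP_INDEX_URL": "https://alice:s3cr3t@pkgs.example.org/simple",
         "PATH": "/usr/bin"},
    ))
```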

codecov[bot] commented 3 weeks ago

Codecov Report

Attention: Patch coverage is 73.33333% with 4 lines in your changes missing coverage. Please review.

Project coverage is 76.3%. Comparing base (dec038a) to head (a172d54).

| Files | Patch % | Lines |
|---|---|---|
| ...onentDetection.Common/Utilities/StringUtilities.cs | 72.7% | 3 Missing :warning: |
| ...ntDetection.Common/CommandLineInvocationService.cs | 66.6% | 1 Missing :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##             main    #1155     +/-   ##
=======================================
- Coverage    76.3%    76.3%    -0.1%
=======================================
  Files        255      256       +1
  Lines      11303    11315      +12
  Branches    1134     1135       +1
=======================================
+ Hits        8626     8635       +9
- Misses      2345     2348       +3
  Partials     332      332
```


github-actions[bot] commented 3 weeks ago

👋 Hi! It looks like you modified some files in the Detectors folder. You may need to bump the detector versions if any of the following scenarios apply:

If none of the above scenarios apply, feel free to ignore this comment 🙂