fix: mask ecr login password from log

Author: yueny2020

src/lib/ecrUtils.ts

@@ -18,8 +18,9 @@ export async function loginToRegistry(
         .decode(encodedAuthToken)
         .trim()
         .split(':')
-    await dockerHandler.runDockerCommand(dockerPath, 'login', ['-u', tokens[0], '-p', tokens[1], endpoint], {
-        silent: true
+    await dockerHandler.runDockerCommand(dockerPath, 'login', ['-u', tokens[0], '--password-stdin', endpoint], {
+        silent: true,
+        input: tokens[1] // Password provided via stdin
     })
 }
 

tests/taskTests/ecrPullImage/ecrPullImage-test.ts

@@ -96,7 +96,7 @@ describe('ECR Pull image', () => {
     })
 
     test('Happy path', async () => {
-        expect.assertions(2)
+        expect.assertions(3)
         const dockerHandler = { ...defaultDocker }
         const runDockerCommand = jest.fn((thing1, thing2, thing3) => Promise.resolve())
         dockerHandler.runDockerCommand = runDockerCommand
@@ -108,6 +108,7 @@ describe('ECR Pull image', () => {
         const taskOperations = new TaskOperations(ecr, dockerHandler, taskParameters)
         await taskOperations.execute()
         expect(ecr.getAuthorizationToken).toBeCalledTimes(1)
-        expect(runDockerCommand.mock.calls[0][2][4]).toStrictEqual('https://example.com')
+        expect(runDockerCommand.mock.calls[0][2][2]).toStrictEqual('--password-stdin')
+        expect(runDockerCommand.mock.calls[0][2][3]).toStrictEqual('https://example.com')
     })
 })