I've searched existing issues and found nothing related to my issue.
Describe the feature you want to add
The shown example is the Bearer Auth example from the testbench repo, but I've marked the bearer_auth_token as private. The UI still shows the token in the timeline tab. Same for the JSON export that you can generate using the CLI `--format json` option. This can expose your secrets if you are live-sharing your screen, share a screenshot or the exported report without manually hiding it. So I suggest, after the request is finished, check the whole output, including every header (request and response), response data, assertion/script output, etc., for exact (or case-insensitive?) matches and replace them with something else, like a fixed number of asterisks or the variable name.
Mockups or Images of the feature
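A sketch of the post-run redaction suggested in the issue above, added here as an illustration and not taken from the project's code. The report layout, the `[REDACTED:name]` marker, the minimum-length cutoff and all helper names are assumptions.

```javascript
// Added example: mask private variable values everywhere in a finished report.
// Report shape, marker format and sample token are constructed for illustration.
const MIN_SECRET_LENGTH = 4; // shorter values would over-redact ordinary text

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// secrets: { variableName: value }. Returns a function that masks one string.
function buildRedactor(secrets, { caseInsensitive = false } = {}) {
  const entries = Object.entries(secrets)
    .filter(([, v]) => typeof v === 'string' && v.length >= MIN_SECRET_LENGTH)
    // Longest first, so a secret that contains another one is masked whole.
    .sort((a, b) => b[1].length - a[1].length);
  if (entries.length === 0) return (text) => text;
  const pattern = new RegExp(
    entries.map(([, v]) => escapeRegExp(v)).join('|'),
    caseInsensitive ? 'gi' : 'g'
  );
  const label = (match) => {
    const hit = entries.find(([, v]) =>
      caseInsensitive ? v.toLowerCase() === match.toLowerCase() : v === match);
    return hit ? `[REDACTED:${hit[0]}]` : '[REDACTED]';
  };
  return (text) => text.replace(pattern, label);
}

// Walk every string in the report: header names and values, bodies, assertions.
function redactReport(node, redact) {
  if (typeof node === 'string') return redact(node);
  if (Array.isArray(node)) return node.map((n) => redactReport(n, redact));
  if (node && typeof node === 'object') {
    return Object.fromEntries(
      Object.entries(node).map(([k, v]) => [redact(k), redactReport(v, redact)])
    );
  }
  return node; // numbers, booleans and null pass through unchanged
}

// Constructed sample: the token sits in a request header, is echoed in the
// response body, and shows up again in an assertion result.
const sampleReport = {
  request: { headers: { authorization: 'Bearer s3cr3t-t0ken-123' } },
  response: { status: 200, data: '{"token":"s3cr3t-t0ken-123"}' },
  assertions: [{ lhs: 'res.body.token', rhs: 's3cr3t-t0ken-123', ok: true }],
};
const redacted = redactReport(
  sampleReport, buildRedactor({ bearer_auth_token: 's3cr3t-t0ken-123' }));
```

Exact-match replacement only catches the value as stored: a base64-encoded (Basic auth) or URL-encoded copy of the same secret passes through unless those encoded forms are added to the secret list as well.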