[jira] [Commented] (CB-11528) Remove verbose mode from xcrun in build.js to prevent logging of environment variables.

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CB-11528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15416269#comment-15416269
 ] 

ASF GitHub Bot commented on CB-11528:
-------------------------------------

Github user codecov-io commented on the issue:

    https://github.com/apache/cordova-ios/pull/240
  
    ## [Current 
coverage](https://codecov.io/gh/apache/cordova-ios/pull/240?src=pr) is 52.60% 
(diff: 100%)
    > Merging [#240](https://codecov.io/gh/apache/cordova-ios/pull/240?src=pr) 
into [master](https://codecov.io/gh/apache/cordova-ios/branch/master?src=pr) 
will not change coverage
    
    ```diff
    @@             master       #240   diff @@
    ==========================================
      Files            11         11          
      Lines           882        882          
      Methods         132        132          
      Messages          0          0          
      Branches        143        143          
    ==========================================
      Hits            464        464          
      Misses          418        418          
      Partials          0          0          
    ```
    
    > Powered by [Codecov](https://codecov.io?src=pr). Last update 
[3bda0ef...63ba2af](https://codecov.io/gh/apache/cordova-ios/compare/3bda0ef487f204e60def4ff1ecf844862460313e...63ba2afb2d6ccb14d013cff9744f955db79a6a6f?src=pr)


> Remove verbose mode from xcrun in build.js to prevent logging of environment 
> variables.
> ---------------------------------------------------------------------------------------
>
>                 Key: CB-11528
>                 URL: https://issues.apache.org/jira/browse/CB-11528
>             Project: Apache Cordova
>          Issue Type: Improvement
>          Components: iOS
>            Reporter: Meir Gottlieb
>            Assignee: Shazron Abdullah
>
> During the build process for IOS, xcrun is called with the "-v" option for 
> verbose output. As part of the output, xcrun prints out all the environment 
> variables. This can be a security issue on CI servers because CI servers 
> often provide a way to store encrypted secrets that are decrypted and put in 
> environment variables during the build. When xcrun prints out all the 
> environment variables, the output on the CI server is then logged containing 
> the unencrypted versions of the secrets.
> Current the workaround is to use the --noSign option and then call xcrun 
> directly. However, it would be nice to remove the "-v" option when calling 
> "xcrun" in Cordova.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org