From 5848867b882cdcada49c9d6f44ab2a234ba48994 Mon Sep 17 00:00:00 2001
From: ecrupper <easton.crupper12@gmail.com>
Date: Fri, 18 Feb 2022 15:01:37 -0600
Subject: [PATCH] fixing secret mask bug

---
 executor/linux/step.go      | 6 +++++-
 executor/linux/step_test.go | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/executor/linux/step.go b/executor/linux/step.go
index c67f7585..38ee06fc 100644
--- a/executor/linux/step.go
+++ b/executor/linux/step.go
@@ -464,7 +464,11 @@ func getSecretValues(ctn *pipeline.Container) []string {
 	secretValues := []string{}
 	// gather secrets' values from the environment map for masking
 	for _, secret := range ctn.Secrets {
-		s := ctn.Environment[strings.ToUpper(secret.Target)]
+		// capture secret from environment
+		s, ok := ctn.Environment[strings.ToUpper(secret.Target)]
+		if !ok {
+			continue
+		}
 		// handle multi line secrets from files
 		s = strings.ReplaceAll(s, "\n", " ")
 
diff --git a/executor/linux/step_test.go b/executor/linux/step_test.go
index 0caa1d5b..9ce32591 100644
--- a/executor/linux/step_test.go
+++ b/executor/linux/step_test.go
@@ -570,6 +570,10 @@ func TestLinux_getSecretValues(t *testing.T) {
 						Source: "someOtherSource",
 						Target: "secret_password",
 					},
+					{
+						Source: "disallowedSecret",
+						Target: "cannot_find",
+					},
 				},
 			},
 		},