fix: dump summary with original variables for security

2026-05-06 20:32:44 +08:00 · 2025-07-03 22:48:39 +08:00
parent 1694f36837
commit 2168ee0e69
2 changed files with 14 additions and 4 deletions
--- a/config.go
+++ b/config.go
@@ -14,9 +14,10 @@ type IConfig interface {
 // NewConfig returns a new constructed testcase config with specified testcase name.
 func NewConfig(name string) *TConfig {
 	return &TConfig{
-		Name:      name,
-		Environs:  make(map[string]string),
-		Variables: make(map[string]interface{}),
+		Name:              name,
+		Environs:          make(map[string]string),
+		Variables:         make(map[string]interface{}),
+		OriginalVariables: make(map[string]interface{}),
 	}
 }

@@ -28,6 +29,7 @@ type TConfig struct {
 	Headers           map[string]string              `json:"headers,omitempty" yaml:"headers,omitempty"`     // public request headers
 	Environs          map[string]string              `json:"environs,omitempty" yaml:"environs,omitempty"`   // environment variables
 	Variables         map[string]interface{}         `json:"variables,omitempty" yaml:"variables,omitempty"` // global variables
+	OriginalVariables map[string]interface{}         `json:"-" yaml:"-"`                                     // original user variables before env merge (not serialized)
 	Parameters        map[string]interface{}         `json:"parameters,omitempty" yaml:"parameters,omitempty"`
 	ParametersSetting *TParamsConfig                 `json:"parameters_setting,omitempty" yaml:"parameters_setting,omitempty"`
 	ThinkTimeSetting  *ThinkTimeConfig               `json:"think_time,omitempty" yaml:"think_time,omitempty"`
--- a/runner.go
+++ b/runner.go
@@ -459,6 +459,12 @@ func (r *CaseRunner) parseConfig() (parsedConfig *TConfig, err error) {
 	}
 	parsedConfig.Variables = parsedVariables

+	// backup original user variables before merging env variables
+	parsedConfig.OriginalVariables = make(map[string]interface{})
+	for k, v := range parsedVariables {
+		parsedConfig.OriginalVariables[k] = v
+	}
+
 	// parse config name
 	parsedName, err := r.parser.ParseString(cfg.Name, parsedVariables)
 	if err != nil {
@@ -694,7 +700,9 @@ func (r *SessionRunner) Start(givenVars map[string]interface{}) (summary *TestCa
 			exportVars[value] = r.sessionVariables[value]
 		}
 		summary.InOut.ExportVars = exportVars
-		summary.InOut.ConfigVars = config.Variables
+
+		// dump summary with original user variables only (exclude environment variables)
+		summary.InOut.ConfigVars = config.OriginalVariables

 		// Save JSON case content to results directory
 		if config.Path != "" {