Merge pull request #200 from salesforcecli/sm/security-warnings

cristiand391 · web-flow · commit 851ac03f8b95 · 2021-09-29T17:10:15.000-03:00
Sm/security-warnings
diff --git a/messages/messages.json b/messages/messages.json
@@ -18,5 +18,7 @@
   "AlphaNumericNameError": "Name must contain only alphanumeric characters.",
   "NameMustStartWithLetterError": "Name must start with a letter.",
   "EndWithUnderscoreError": "Name can't end with an underscore.",
-  "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores."
+  "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores.",
+
+  "SecurityWarning": "This command will expose sensitive information that allows for subsequent activity using your current authenticated session.\nSharing this information is equivalent to logging someone in under the current credential, resulting in unintended access and escalation of privilege.\nFor additional information, please review the authorization section of the https://developer.salesforce.com/docs/atlas.en-us.234.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm"
 }
diff --git a/src/commands/force/org/display.ts b/src/commands/force/org/display.ts
@@ -17,7 +17,7 @@ import { OrgListUtil } from '../../../shared/orgListUtil';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-org', 'display');
-
+const sharedMessages = Messages.loadMessages('@salesforce/plugin-org', 'messages');
 export class OrgDisplayCommand extends SfdxCommand {
   public static readonly description = messages.getMessage('description');
   public static readonly examples = messages.getMessage('examples').split(os.EOL);
@@ -68,6 +68,8 @@ export class OrgDisplayCommand extends SfdxCommand {
   }
 
   private print(result: OrgDisplayReturn): void {
+    this.ux.warn(sharedMessages.getMessage('SecurityWarning'));
+    this.ux.log('');
     const columns = {
       columns: [
         { key: 'key', label: 'KEY' },
diff --git a/src/commands/force/org/open.ts b/src/commands/force/org/open.ts
@@ -13,6 +13,8 @@ import { openUrl } from '../../../shared/utils';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-org', 'open');
+const sharedMessages = Messages.loadMessages('@salesforce/plugin-org', 'messages');
+
 export class OrgOpenCommand extends SfdxCommand {
   public static readonly description = messages.getMessage('description');
   public static readonly examples = messages.getMessage('examples').split(EOL);
@@ -37,6 +39,9 @@ export class OrgOpenCommand extends SfdxCommand {
     const username = this.org.getUsername();
     const output = { orgId, url, username };
 
+    this.ux.warn(sharedMessages.getMessage('SecurityWarning'));
+    this.ux.log('');
+
     if (new Env().getBoolean('SFDX_CONTAINER_MODE')) {
       // instruct the user that they need to paste the URL into the browser
       this.ux.styledHeader('Action Required!');

Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,7 @@`
`18`	`18`	`"AlphaNumericNameError": "Name must contain only alphanumeric characters.",`
`19`	`19`	`"NameMustStartWithLetterError": "Name must start with a letter.",`
`20`	`20`	`"EndWithUnderscoreError": "Name can't end with an underscore.",`
`21`		`- "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores."`
	`21`	`+ "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores.",`
	`22`	`+`
	`23`	`+ "SecurityWarning": "This command will expose sensitive information that allows for subsequent activity using your current authenticated session.\nSharing this information is equivalent to logging someone in under the current credential, resulting in unintended access and escalation of privilege.\nFor additional information, please review the authorization section of the https://developer.salesforce.com/docs/atlas.en-us.234.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm"`
`22`	`24`	`}`