feat: security warnings for display/open

salesforcecli · Sep 28, 2021 · b2599be · b2599be
1 parent a7bdcb3
commit b2599be
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/messages/messages.json b/messages/messages.json
@@ -18,5 +18,7 @@
   "AlphaNumericNameError": "Name must contain only alphanumeric characters.",
   "NameMustStartWithLetterError": "Name must start with a letter.",
   "EndWithUnderscoreError": "Name can't end with an underscore.",
-  "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores."
+  "DoubleUnderscoreError": "Name can't contain 2 consecutive underscores.",
+
+  "SecurityWarning": "This command will expose sensitive information that allows for subsequent activity using your current authenticated session.\nSharing this information is equivalent to logging someone in under the current credential. A malicious user with access to the URL could perform any action available to the user who generated the URL (e.g. change passwords, manage applications).\nFor additional information, please review the authorization section of CLI Developer Guide https://developer.salesforce.com/docs/atlas.en-us.234.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm\n"
 }
diff --git a/src/commands/force/org/display.ts b/src/commands/force/org/display.ts
@@ -17,7 +17,7 @@ import { OrgListUtil } from '../../../shared/orgListUtil';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-org', 'display');
-
+const sharedMessages = Messages.loadMessages('@salesforce/plugin-org', 'messages');
 export class OrgDisplayCommand extends SfdxCommand {
   public static readonly description = messages.getMessage('description');
   public static readonly examples = messages.getMessage('examples').split(os.EOL);
@@ -68,6 +68,8 @@ export class OrgDisplayCommand extends SfdxCommand {
   }
 
   private print(result: OrgDisplayReturn): void {
+    this.ux.log('');
+    this.ux.warn(sharedMessages.getMessage('SecurityWarning'));
     const columns = {
       columns: [
         { key: 'key', label: 'KEY' },

diff --git a/src/commands/force/org/open.ts b/src/commands/force/org/open.ts
@@ -13,6 +13,8 @@ import { openUrl } from '../../../shared/utils';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-org', 'open');
+const sharedMessages = Messages.loadMessages('@salesforce/plugin-org', 'messages');
+
 export class OrgOpenCommand extends SfdxCommand {
   public static readonly description = messages.getMessage('description');
   public static readonly examples = messages.getMessage('examples').split(EOL);
@@ -37,6 +39,9 @@ export class OrgOpenCommand extends SfdxCommand {
     const username = this.org.getUsername();
     const output = { orgId, url, username };
 
+    this.ux.log('');
+    this.ux.warn(sharedMessages.getMessage('SecurityWarning'));
+
     if (new Env().getBoolean('SFDX_CONTAINER_MODE')) {
       // instruct the user that they need to paste the URL into the browser
       this.ux.styledHeader('Action Required!');