From 6709e315df8fac55140e7e281cd6e20262cff906 Mon Sep 17 00:00:00 2001 From: William Martin Date: Thu, 16 Apr 2026 22:12:01 +0200 Subject: [PATCH] Do not send telemetry for aliases --- .../telemetry/no-telemetry-for-alias.txtar | 18 +++++++++++++ pkg/cmd/root/alias.go | 27 ++++++++++++------- 2 files changed, 35 insertions(+), 10 deletions(-) create mode 100644 acceptance/testdata/telemetry/no-telemetry-for-alias.txtar diff --git a/acceptance/testdata/telemetry/no-telemetry-for-alias.txtar b/acceptance/testdata/telemetry/no-telemetry-for-alias.txtar new file mode 100644 index 000000000..733bea11f --- /dev/null +++ b/acceptance/testdata/telemetry/no-telemetry-for-alias.txtar @@ -0,0 +1,18 @@ +# Aliases should not leak their user-defined names via telemetry, but the +# resolved inner command should still record normally — its path is a core +# gh command and conveys no user-authored identifier. + +env GH_PRIVATE_ENABLE_TELEMETRY=1 +env GH_TELEMETRY=log +env GH_TELEMETRY_SAMPLE_RATE=100 + +# Create a regular (non-shell) alias that resolves to an existing command. +exec gh alias set secret-project-alias version + +# Invoking the alias must not produce any event carrying the alias name. +exec gh secret-project-alias +! stderr 'secret-project-alias' + +# The resolved inner command still records telemetry as normal. +stderr 'Telemetry payload:' +stderr '"command": "gh version"' diff --git a/pkg/cmd/root/alias.go b/pkg/cmd/root/alias.go index 4f504f2b8..ea4c21d8a 100644 --- a/pkg/cmd/root/alias.go +++ b/pkg/cmd/root/alias.go @@ -10,6 +10,7 @@ import ( "github.com/cli/cli/v2/internal/run" "github.com/cli/cli/v2/internal/text" + "github.com/cli/cli/v2/pkg/cmdutil" "github.com/cli/cli/v2/pkg/findsh" "github.com/cli/cli/v2/pkg/iostreams" "github.com/google/shlex" @@ -17,7 +18,7 @@ import ( ) func NewCmdShellAlias(io *iostreams.IOStreams, aliasName, aliasValue string) *cobra.Command { - return &cobra.Command{ + cmd := &cobra.Command{ Use: aliasName, Short: fmt.Sprintf("Shell alias for %q", text.Truncate(80, aliasValue)), RunE: func(c *cobra.Command, args []string) error { @@ -39,16 +40,19 @@ func NewCmdShellAlias(io *iostreams.IOStreams, aliasName, aliasValue string) *co } return nil }, - GroupID: "alias", - Annotations: map[string]string{ - "skipAuthCheck": "true", - }, + GroupID: "alias", DisableFlagParsing: true, } + cmdutil.DisableAuthCheck(cmd) + // Aliases are user-defined names and must not be reported as telemetry + // dimensions, since the name itself may be sensitive (e.g. project or + // organization names). + cmdutil.DisableTelemetry(cmd) + return cmd } func NewCmdAlias(io *iostreams.IOStreams, aliasName, aliasValue string) *cobra.Command { - return &cobra.Command{ + cmd := &cobra.Command{ Use: aliasName, Short: fmt.Sprintf("Alias for %q", text.Truncate(80, aliasValue)), RunE: func(c *cobra.Command, args []string) error { @@ -60,12 +64,15 @@ func NewCmdAlias(io *iostreams.IOStreams, aliasName, aliasValue string) *cobra.C root.SetArgs(expandedArgs) return root.Execute() }, - GroupID: "alias", - Annotations: map[string]string{ - "skipAuthCheck": "true", - }, + GroupID: "alias", DisableFlagParsing: true, } + cmdutil.DisableAuthCheck(cmd) + // Aliases are user-defined names and must not be reported as telemetry + // dimensions, since the name itself may be sensitive (e.g. project or + // organization names). + cmdutil.DisableTelemetry(cmd) + return cmd } // ExpandAlias processes argv to see if it should be rewritten according to a user's aliases.