SECURITY: Secrets are not redacted for generated tools

[Droppers]

Usage Information

9.0.3

Description

Since Nuke version 9 secrets in ArgumentStringHandler are not redacted:

DotNet($"--secret {"should-be-redacted":r}");

// dotnet --secret should-be-redacted

FTR, the fluent API is NOT affected, and works as expected:

DotNetNuGetPush(_ => _
   .SetApiKey("secret"));

// dotnet nuget push --api-key [REDACTED]

Reproduction Steps

Arguments are converted to string, but the output filter is never applied. See the following method, I think 'arguments.GetFilter()' should be passed as the last parameter, but is currently not present.

https://github.com/nuke-build/nuke/blame/5b4f3ca9865f11168e9ab7f81bc93716c02c9c53/source/Nuke.Tooling/ToolTasks.Run.cs#L59

Expected Behavior

Output filter is applied and secrets are filtered.

Actual Behavior

Secrets are not filtered.

Regression?

Worked fine is version 8

Known Workarounds

None

Could you help with a pull-request?

No

[matkoch]

thanks for spotting this

[Droppers]

When will the new version be released?