vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 12:00:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(shared): redact repeated URL userinfo

Browse Source
This commit is contained in:
Vincent Koc
2026-05-01 16:05:40 -07:00
parent 5fbfa1411b
commit 04cd861732
3 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/plugins/git-install.test.ts
View File

@@ -204,7 +204,8 @@ describe("installPluginFromGitSpec", () => {
runCommandWithTimeoutMock.mockResolvedValueOnce({
code: 1,
stdout: "",
stderr: "fatal: could not read Username for 'https://token:secret@github.com/acme/demo.git'",
stderr:
"fatal: could not read Username for 'https://token:secret@github.com/acme/demo.git' while retrying https://other:credential@github.com/acme/fallback.git",
});
const result = await installPluginFromGitSpec({
@@ -215,8 +216,11 @@ describe("installPluginFromGitSpec", () => {
if (!result.ok) {
expect(result.error).toContain("failed to clone github.com/acme/demo");
expect(result.error).toContain("https://***:***@github.com/acme/demo.git");
expect(result.error).toContain("https://***:***@github.com/acme/fallback.git");
expect(result.error).not.toContain("token");
expect(result.error).not.toContain("secret");
expect(result.error).not.toContain("other");
expect(result.error).not.toContain("credential");
}
expect(installPluginFromInstalledPackageDirMock).not.toHaveBeenCalled();
});

8
src/shared/net/redact-sensitive-url.test.ts
View File

@@ -35,6 +35,14 @@ describe("redactSensitiveUrlLikeString", () => {
);
});
it("redacts every URL-like userinfo occurrence in arbitrary text", () => {
expect(
redactSensitiveUrlLikeString(
"fatal https://a:b@github.com/one.git and https://c:d@github.com/two.git",
),
).toBe("fatal https://***:***@github.com/one.git and https://***:***@github.com/two.git");
});
it("redacts protocol URLs that are too malformed to parse", () => {
expect(
redactSensitiveUrlLikeString(

2
src/shared/net/redact-sensitive-url.ts
View File

@@ -70,7 +70,7 @@ export function redactSensitiveUrlLikeString(value: string): string {
return redactedUrl;
}
return value
.replace(/\/\/([^@/?#]+)@/, "//***:***@")
.replace(/\/\/([^@/?#\s]+)@/g, "//***:***@")
.replace(/([?&])([^=&]+)=([^&]*)/g, (match, prefix: string, key: string) =>
isSensitiveUrlQueryParamName(key) ? `${prefix}${key}=***` : match,
);