fix(logging): add redaction patterns for additional credential prefixes

gavyngong
2026-04-01 10:17:09 +08:00
committed by Mason Huang
parent d0a7986638
commit 11094f14b1
2 changed files with 50 additions and 0 deletions


@@ -223,6 +223,51 @@ describe("redactSensitiveText", () => {
expect(output).toContain("OPENAI_API_KEY=sk-123…cdef");
});
it("masks Tencent Cloud SecretId (AKID prefix, uppercase-only)", () => {
const input = "SecretId is AKIDZ8EXAMPLEFAKE01KEY99TEST";
const output = redactSensitiveText(input, {
mode: "tools",
patterns: defaults,
});
expect(output).toBe("SecretId is AKIDZ8…TEST");
});
it("masks Tencent Cloud SecretId with mixed-case characters", () => {
const input = "AKIDz8exampleFake01Key99Test";
const output = redactSensitiveText(input, {
mode: "tools",
patterns: defaults,
});
expect(output).toBe("AKIDz8…Test");
});
it("masks Alibaba Cloud AccessKey ID (LTAI prefix)", () => {
const input = "AccessKeyId=LTAI5tExampleFakeKeyXyz9";
const output = redactSensitiveText(input, {
mode: "tools",
patterns: defaults,
});
expect(output).toBe("AccessKeyId=LTAI5t…Xyz9");
});
it("masks HuggingFace tokens (hf_ prefix)", () => {
const input = "export HF_TOKEN=hf_ABCDEFghijklmnopqrstuv";
const output = redactSensitiveText(input, {
mode: "tools",
patterns: defaults,
});
expect(output).toContain("hf_ABC…stuv");
});
it("masks Replicate tokens (r8_ prefix)", () => {
const input = "REPLICATE_API_TOKEN=r8_ABCDEFghijklmnopqrstuv";
const output = redactSensitiveText(input, {
mode: "tools",
patterns: defaults,
});
expect(output).toContain("r8_ABC…stuv");
});
it("skips redaction when mode is off", () => {
const input = "OPENAI_API_KEY=sk-1234567890abcdef";
const output = redactSensitiveText(input, {
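Review bot: The `hf_` and `r8_` cases do not isolate the new prefix patterns: both inputs are env-style assignments (`HF_TOKEN=…`, `REPLICATE_API_TOKEN=…`) checked with `toContain`, so they may still pass if a generic key/value rule in `defaults` masks the value, as the existing `OPENAI_API_KEY=` case just above suggests could happen. A bare-token input with an exact match pins the new rule, e.g. `const input = "token hf_ABCDEFghijklmnopqrstuv";` with `expect(output).toBe("token hf_ABC…stuv");`, and the same for `r8_`. A negative case would also help, such as an `AKID` or `r8_` string with fewer than ten trailing characters that must come back unchanged, so over-redaction of ordinary identifiers is caught. The contents of `defaults` are outside this hunk, so confirm which rule actually fires for these inputs.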


@@ -39,6 +39,11 @@ const DEFAULT_REDACT_PATTERNS: string[] = [
String.raw`\b(AIza[0-9A-Za-z\-_]{20,})\b`,
String.raw`\b(pplx-[A-Za-z0-9_-]{10,})\b`,
String.raw`\b(npm_[A-Za-z0-9]{10,})\b`,
// Additional access-key and token-style prefixes.
String.raw`\b(AKID[A-Za-z0-9]{10,})\b`,
String.raw`\b(LTAI[A-Za-z0-9]{10,})\b`,
String.raw`\b(hf_[A-Za-z0-9]{10,})\b`,
String.raw`\b(r8_[A-Za-z0-9]{10,})\b`,
// Telegram Bot API URLs embed the token as `/bot<token>/...` (no word-boundary before digits).
String.raw`\bbot(\d{6,}:[A-Za-z0-9_-]{20,})\b`,
String.raw`\b(\d{6,}:[A-Za-z0-9_-]{20,})\b`,
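Review bot: The new `AKID` and `LTAI` patterns mask only the access-key identifier; the paired secret (Tencent Cloud SecretKey, Alibaba Cloud AccessKeySecret) has no fixed prefix, so it is redacted only if a key/value rule elsewhere in `DEFAULT_REDACT_PATTERNS` catches its assignment. The rest of the array is outside this hunk, so that coverage should be confirmed with a test. The added comment should also name the providers and state this limit, for example `// Tencent Cloud SecretId (AKID), Alibaba Cloud AccessKey ID (LTAI), Hugging Face (hf_), Replicate (r8_). ID-only for the two clouds: their secrets have no prefix.` Separately, `_` is a word character, so the `\b` anchors will not match a token glued to an underscore on either side (`X_AKID…` or `hf_…_suffix`), and such a token passes through unmasked.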