vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 11:50:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add cdpUrl to sensitive URL config path matching

Browse Source 
Browser CDP URLs (browser.cdpUrl, browser.profiles.*.cdpUrl) can embed
credentials via query tokens (?token=xxx) or HTTP Basic auth
(user:pass@host). Add .cdpUrl suffix to isSensitiveUrlConfigPath() so
these paths are correctly redacted in config.get responses.

Refs #67656, #53433
This commit is contained in:
Ziy1-Tan
2026-04-16 20:44:52 +08:00
committed by Mason Huang
parent a0dd5f7e8e
commit 1dbfd41462
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/shared/net/redact-sensitive-url.test.ts
View File

@@ -51,6 +51,12 @@ describe("sensitive URL config metadata", () => {
expect(isSensitiveUrlConfigPath("gateway.remote.url")).toBe(false);
});
it("recognizes cdpUrl config paths as sensitive (browser CDP URLs can embed credentials)", () => {
expect(isSensitiveUrlConfigPath("browser.cdpUrl")).toBe(true);
expect(isSensitiveUrlConfigPath("browser.profiles.remote.cdpUrl")).toBe(true);
expect(isSensitiveUrlConfigPath("browser.profiles.staging.cdpUrl")).toBe(true);
});
it("uses an explicit url-secret hint tag", () => {
expect(SENSITIVE_URL_HINT_TAG).toBe("url-secret");
expect(hasSensitiveUrlHintTag({ tags: [SENSITIVE_URL_HINT_TAG] })).toBe(true);

3
src/shared/net/redact-sensitive-url.ts
View File

@@ -25,6 +25,9 @@ export function isSensitiveUrlConfigPath(path: string): boolean {
if (path.endsWith(".baseUrl") || path.endsWith(".httpUrl")) {
return true;
}
if (path.endsWith(".cdpUrl")) {
return true;
}
if (path.endsWith(".request.proxy.url")) {
return true;
}