vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-17 21:10:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(config): split sensitive path matching helpers

Browse Source
This commit is contained in:
Gustavo Madeira Santana
2026-02-15 10:22:15 -05:00
parent a32a240d40
commit 964fabe3b3
2 changed files with 26 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/config/schema.hints.test.ts
View File

@@ -8,10 +8,22 @@ const { mapSensitivePaths } = __test__;
describe("isSensitiveConfigPath", () => {
it("matches whitelist suffixes case-insensitively", () => {
expect(isSensitiveConfigPath("maxTokens")).toBe(false);
expect(isSensitiveConfigPath("MAXTOKENS")).toBe(false);
expect(isSensitiveConfigPath("channels.irc.nickserv.passwordFile")).toBe(false);
expect(isSensitiveConfigPath("channels.irc.nickserv.PASSWORDFILE")).toBe(false);
const whitelistedPaths = [
"maxTokens",
"maxOutputTokens",
"maxInputTokens",
"maxCompletionTokens",
"contextTokens",
"totalTokens",
"tokenCount",
"tokenLimit",
"tokenBudget",
"channels.irc.nickserv.passwordFile",
];
for (const path of whitelistedPaths) {
expect(isSensitiveConfigPath(path)).toBe(false);
expect(isSensitiveConfigPath(path.toUpperCase())).toBe(false);
}
});
it("keeps true sensitive keys redacted", () => {

15
src/config/schema.hints.ts
View File

@@ -109,12 +109,17 @@ const NORMALIZED_SENSITIVE_KEY_WHITELIST_SUFFIXES = SENSITIVE_KEY_WHITELIST_SUFF
const SENSITIVE_PATTERNS = [/token$/i, /password/i, /secret/i, /api.?key/i];
export function isSensitiveConfigPath(path: string): boolean {
function isWhitelistedSensitivePath(path: string): boolean {
const lowerPath = path.toLowerCase();
const whitelisted = NORMALIZED_SENSITIVE_KEY_WHITELIST_SUFFIXES.some((suffix) =>
lowerPath.endsWith(suffix),
);
return !whitelisted && SENSITIVE_PATTERNS.some((pattern) => pattern.test(path));
return NORMALIZED_SENSITIVE_KEY_WHITELIST_SUFFIXES.some((suffix) => lowerPath.endsWith(suffix));
}
function matchesSensitivePattern(path: string): boolean {
return SENSITIVE_PATTERNS.some((pattern) => pattern.test(path));
}
export function isSensitiveConfigPath(path: string): boolean {
return !isWhitelistedSensitivePath(path) && matchesSensitivePattern(path);
}
export function buildBaseHints(): ConfigUiHints {