mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-22 14:58:09 +00:00
* redact tool output secrets

* Expand tool-output secret redaction

* fix(security): keep redaction prefilter in sync with expanded defaults

- build DEFAULT_REDACT_PREFILTER_RE from sources covering every default pattern family: new vendor prefixes, webhook hosts, bare query/form keys, userinfo/connection-string passwords, and percent/plus/invisible obfuscated keys (including trailing separator splices)
- run default-pattern redaction tests through the default options path and redact the vendor corpus per token so prefilter gaps fail tests
- fix quoted standalone assignment values containing the other quote char or an unterminated quote; never re-mask *** placeholders
- align net-policy URL query-name separator stripping with logging key normalization (Hangul fillers)

* fix(security): keep base64-prefix redaction out of media payloads

- pure-base64-alphabet token prefixes (gAAAA, AKIA, ASIA, dapi, ATCTT3xFfG, ATATT, ATBB) now require a non-alphanumeric left boundary, skip explicit ;base64, payload spans, and run unchunked so chunk starts cannot fake the boundary or hide the container from the lookbehind
- tokens after URL/path delimiters or assignments still mask; data-URL media survives redaction byte-identical (fixes chat media mirror CI)
- regression tests: tiny-PNG data URL, in-blob plus boundary, chunk-aligned large data URL, reset-path Fernet token, path AWS key

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
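
The boundary and payload-span rules from the last commit in this message, as an added example that is not openclaw's code: a prefix-only redactor next to one that requires a non-alphanumeric left boundary and passes explicit `;base64,` spans through untouched. The prefixes come from the commit message; the function names, the 12-character minimum token body and all sample strings are assumptions constructed for illustration.

```javascript
// Added illustration, not openclaw code. Prefixes are the ones named in the
// commit message; body length and function names are assumptions.
const PREFIXES = ["gAAAA", "AKIA", "ASIA", "dapi", "ATCTT3xFfG", "ATATT", "ATBB"];
const TOKEN = `(?:${PREFIXES.join("|")})[A-Za-z0-9_=-]{12,}`;

// Before: no left boundary and no awareness of base64 containers, so any
// prefix-shaped run inside an encoded image is masked and the media breaks.
const NAIVE_RE = new RegExp(TOKEN, "g");
function naiveRedact(text) {
  return text.replace(NAIVE_RE, "***");
}

// After: a single pass over the whole string (no chunking, so a chunk start
// can never stand in for the left boundary or hide the ";base64," marker).
//  - alternative 1 consumes an explicit ";base64," payload span as-is
//  - alternative 2 masks a token only after a non-alphanumeric left boundary
const SCAN_RE = new RegExp(
  `(;base64,[A-Za-z0-9+/=]*)|(?<![A-Za-z0-9])${TOKEN}`,
  "g"
);
function redactPrefixedTokens(text) {
  return text.replace(SCAN_RE, (match, payload) =>
    payload !== undefined ? match : "***"
  );
}

// Constructed samples (no real credentials). The data URL contains "gAAAA"
// after a letter and "AKIA" after "+", mirroring the regression cases listed.
const SAMPLE_DATA_URL =
  "image: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJ+AKIAABCDEFGHIJKLMNOPQR= done";
const SAMPLE_RESET_PATH = "GET /reset/gAAAAABconstructedFernetBody0123 200";
const SAMPLE_ASSIGNMENT = "AWS_KEY=AKIAABCDEFGHIJKLMNOP";
const SAMPLE_PATH_KEY = "s3://bucket/AKIAABCDEFGHIJKLMNOP/file.txt";

for (const s of [SAMPLE_DATA_URL, SAMPLE_RESET_PATH, SAMPLE_ASSIGNMENT, SAMPLE_PATH_KEY]) {
  console.log(redactPrefixedTokens(s));
}
```

The trade-off of the left-boundary rule is that a token glued directly to a preceding letter or digit is not masked by this pattern family and has to be caught by another rule.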