π‘οΈ Sentinel: [MEDIUM] Fix credential leakage by expanding sensitive key patterns#169
π‘οΈ Sentinel: [MEDIUM] Fix credential leakage by expanding sensitive key patterns#169hongymagic wants to merge 1 commit into
Conversation
Added pattern matching for bearer, session, jwt, and cookie to `SENSITIVE_KEY_PATTERNS` in `src/sensitive.ts`. This ensures that standard authentication headers and payload elements are correctly redacted from diagnostic outputs and log files. Updated corresponding tests to verify correct redaction behavior. Co-authored-by: hongymagic <302730+hongymagic@users.noreply.github.com>
|
π Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a π emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
π¨ Severity: MEDIUM
π‘ Vulnerability: The
SENSITIVE_KEY_PATTERNSarray used for redacting sensitive fields did not include patterns for common authentication methods likebearer,session,jwt, andcookie.π― Impact: Any of these authentication tokens passed within headers or configuration could be logged in plaintext in error logs and debug outputs.
π§ Fix: Expanded
SENSITIVE_KEY_PATTERNSinsrc/sensitive.tsto includebearer,session,jwt, andcookie.β Verification: Tests passing, verified that these new values are appropriately redacted in nested debug log objects.
PR created automatically by Jules for task 3042015892960629335 started by @hongymagic