Skip to content

Commit 1a30af8

Browse files
authored
Merge pull request #49 from TeaEntityLab/alert-autofix-31
Potential fix for code scanning alert no. 31: Clear-text logging of sensitive information
2 parents 8acbeee + c574a70 commit 1a30af8

1 file changed

Lines changed: 10 additions & 0 deletions

File tree

teaagent/cli/_handlers/_doctor.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -848,9 +848,19 @@ def _sanitize_doctor_payload(value: Any) -> Any:
848848
if isinstance(value, dict):
849849
sanitized: dict[Any, Any] = {}
850850
for key, item in value.items():
851+
key_text = str(key)
852+
key_upper = key_text.strip().upper()
851853
if _is_sensitive_key(key):
852854
sanitized[key] = _REDACTED
853855
continue
856+
if key_upper in {'API_TOKEN', 'AUTH', 'AUTHORIZATION'}:
857+
sanitized[key] = _REDACTED
858+
continue
859+
if key_upper in {'ENV', 'API_KEY_ENV'} and isinstance(item, str):
860+
sanitized[key] = (
861+
_REDACTED if _looks_like_sensitive_env_name(item) else item
862+
)
863+
continue
854864
sanitized[key] = _sanitize_doctor_payload(item)
855865
return sanitized
856866
if isinstance(value, list):

0 commit comments

Comments
 (0)