From 8b986dbcbfa40605edb61959de626f528be049b4 Mon Sep 17 00:00:00 2001 From: John Lee Date: Thu, 4 Jun 2026 08:59:00 +0800 Subject: [PATCH] Potential fix for code scanning alert no. 31: Clear-text logging of sensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- teaagent/cli/_handlers/_doctor.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/teaagent/cli/_handlers/_doctor.py b/teaagent/cli/_handlers/_doctor.py index c8d93b63..d6844b93 100644 --- a/teaagent/cli/_handlers/_doctor.py +++ b/teaagent/cli/_handlers/_doctor.py @@ -887,7 +887,8 @@ def _ensure_log_safe(value: Any) -> Any: if isinstance(value, dict): safe: dict[Any, Any] = {} for key, item in value.items(): - if _is_sensitive_key(key): + key_text = str(key) + if _is_sensitive_key(key) or _looks_like_sensitive_env_name(key_text): safe[key] = _REDACTED continue safe[key] = _ensure_log_safe(item)