From 87f8385a25bb69783e3fcf7442e9185e6ab5cb91 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 06:46:13 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[MEDIUM]=20?= =?UTF-8?q?Fix=20Environment=20Variable=20Leakage=20in=20Error=20Messages?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit modifies the `ConfigurationError` messages in `src/automation/artifact-signing-config.ts`, `src/tool-filter/config/env-config-parser.ts`, and `src/mcp/mcp-server.ts` to no longer include the exact `raw` values extracted from environment variables. If a user configured an application setting with a sensitive value (e.g. accidentally pasting an API key into `MCP4_AGENT_ARTIFACT_ALLOW_UNSIGNED`), previously the exact value could be echoed out as part of a validation failure and risk logging. This implements a more secure fail pattern by outputting generic validation guidance. Co-authored-by: davidruzicka <14172985+davidruzicka@users.noreply.github.com> --- .jules/sentinel.md | 1 + src/automation/artifact-signing-config.ts | 2 +- src/mcp/mcp-server.ts | 2 +- src/tool-filter/config/env-config-parser.ts | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.jules/sentinel.md b/.jules/sentinel.md index a6c92980..67d91a69 100644 --- a/.jules/sentinel.md +++ b/.jules/sentinel.md @@ -126,3 +126,4 @@ Error messages should never include raw values from sensitive sources like envir **Prevention:** 1. Avoid including raw values in error messages when the source is potentially sensitive (env vars, auth headers). 2. Use generic error messages for validation failures of sensitive data. +## 2026-02-24 - [MEDIUM] Environment Variable Leakage in Error Messages\n\n**Vulnerability:**\nError messages for environment variable configuration were returning the raw value string. If a user configured it to point to a sensitive environment variable, the secret value would be exposed in the error message.\n\n**Learning:**\nError messages should never include raw values from sensitive sources like environment variables, even for validation errors. Configuration errors can easily lead to secrets being treated as normal values.\n\n**Prevention:**\n1. Avoid including raw values in error messages when the source is potentially sensitive (env vars, auth headers).\n2. Use generic error messages for validation failures of sensitive data.\n diff --git a/src/automation/artifact-signing-config.ts b/src/automation/artifact-signing-config.ts index 1b328b7f..678f0613 100644 --- a/src/automation/artifact-signing-config.ts +++ b/src/automation/artifact-signing-config.ts @@ -53,5 +53,5 @@ function parseExplicitBoolean(value: string | undefined, envName: string): boole return false; } - throw new ConfigurationError(`${envName} must be either 'true' or 'false', got '${normalized}'.`); + throw new ConfigurationError(`${envName} must be either 'true' or 'false'.`); } diff --git a/src/mcp/mcp-server.ts b/src/mcp/mcp-server.ts index 9e35ac39..e26dfeed 100644 --- a/src/mcp/mcp-server.ts +++ b/src/mcp/mcp-server.ts @@ -2483,7 +2483,7 @@ export class MCPServer { const parsed = Number(raw); if (Number.isNaN(parsed) || parsed <= 0) { throw new ConfigurationError( - `Invalid MCP4_TOOL_FILTER_WARN_THRESHOLD_PCT: expected positive number, got '${raw}'.` + `Invalid MCP4_TOOL_FILTER_WARN_THRESHOLD_PCT: expected positive number.` ); } return parsed; diff --git a/src/tool-filter/config/env-config-parser.ts b/src/tool-filter/config/env-config-parser.ts index e11a617f..4ee5c44b 100644 --- a/src/tool-filter/config/env-config-parser.ts +++ b/src/tool-filter/config/env-config-parser.ts @@ -100,7 +100,7 @@ export class EnvConfigParser { } throw new ConfigurationError( - `MCP4_TOOL_FILTER_ALLOW_CATEGORIES supports only 'list' and 'read', got '${entry}'` + `MCP4_TOOL_FILTER_ALLOW_CATEGORIES supports only 'list' and 'read'.` ); }