Skip to content

Commit 8e84c77

Browse files
kartikangirasstruckoff
authored andcommitted
fix:reorder env var redaction checks to scan values first (google-gemini#21059)
Signed-off-by: Kartik Angiras <angiraskartik@gmail.com>
1 parent df07f90 commit 8e84c77

2 files changed

Lines changed: 55 additions & 19 deletions

File tree

packages/core/src/services/environmentSanitization.test.ts

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,48 @@ describe('sanitizeEnvironment', () => {
206206
});
207207
});
208208

209+
describe('value-first security: secret values must be caught even for allowed variable names', () => {
210+
it('should redact ALWAYS_ALLOWED variables whose values contain a GitHub token', () => {
211+
const env = {
212+
HOME: 'ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
213+
PATH: '/usr/bin',
214+
};
215+
const sanitized = sanitizeEnvironment(env, EMPTY_OPTIONS);
216+
expect(sanitized).toEqual({ PATH: '/usr/bin' });
217+
});
218+
219+
it('should redact ALWAYS_ALLOWED variables whose values contain a certificate', () => {
220+
const env = {
221+
SHELL:
222+
'-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----',
223+
USER: 'alice',
224+
};
225+
const sanitized = sanitizeEnvironment(env, EMPTY_OPTIONS);
226+
expect(sanitized).toEqual({ USER: 'alice' });
227+
});
228+
229+
it('should redact user-allowlisted variables whose values contain a secret', () => {
230+
const env = {
231+
MY_SAFE_VAR: 'ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
232+
OTHER: 'fine',
233+
};
234+
const sanitized = sanitizeEnvironment(env, {
235+
allowedEnvironmentVariables: ['MY_SAFE_VAR'],
236+
blockedEnvironmentVariables: [],
237+
enableEnvironmentVariableRedaction: true,
238+
});
239+
expect(sanitized).toEqual({ OTHER: 'fine' });
240+
});
241+
242+
it('should NOT redact GEMINI_CLI_ variables even if their value looks like a secret (fully trusted)', () => {
243+
const env = {
244+
GEMINI_CLI_INTERNAL: 'ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
245+
};
246+
const sanitized = sanitizeEnvironment(env, EMPTY_OPTIONS);
247+
expect(sanitized).toEqual(env);
248+
});
249+
});
250+
209251
it('should ensure all names in the sets are capitalized', () => {
210252
for (const name of ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES) {
211253
expect(name).toBe(name.toUpperCase());

packages/core/src/services/environmentSanitization.ts

Lines changed: 13 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,9 @@ export function sanitizeEnvironment(
1414
processEnv: NodeJS.ProcessEnv,
1515
config: EnvironmentSanitizationConfig,
1616
): NodeJS.ProcessEnv {
17-
// Enable strict sanitization in GitHub actions.
1817
const isStrictSanitization =
1918
!!processEnv['GITHUB_SHA'] || processEnv['SURFACE'] === 'Github';
2019

21-
// Always sanitize when in GitHub actions.
2220
if (!config.enableEnvironmentVariableRedaction && !isStrictSanitization) {
2321
return { ...processEnv };
2422
}
@@ -148,28 +146,33 @@ function shouldRedactEnvironmentVariable(
148146
key = key.toUpperCase();
149147
value = value?.toUpperCase();
150148

151-
// User overrides take precedence.
149+
if (key.startsWith('GEMINI_CLI_')) {
150+
return false;
151+
}
152+
153+
if (value) {
154+
for (const pattern of NEVER_ALLOWED_VALUE_PATTERNS) {
155+
if (pattern.test(value)) {
156+
return true;
157+
}
158+
}
159+
}
160+
152161
if (allowedSet?.has(key)) {
153162
return false;
154163
}
155164
if (blockedSet?.has(key)) {
156165
return true;
157166
}
158167

159-
// These are never redacted.
160-
if (
161-
ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES.has(key) ||
162-
key.startsWith('GEMINI_CLI_')
163-
) {
168+
if (ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES.has(key)) {
164169
return false;
165170
}
166171

167-
// These are always redacted.
168172
if (NEVER_ALLOWED_ENVIRONMENT_VARIABLES.has(key)) {
169173
return true;
170174
}
171175

172-
// If in strict mode (e.g. GitHub Action), and not explicitly allowed, redact it.
173176
if (isStrictSanitization) {
174177
return true;
175178
}
@@ -180,14 +183,5 @@ function shouldRedactEnvironmentVariable(
180183
}
181184
}
182185

183-
// Redact if the value looks like a key/cert.
184-
if (value) {
185-
for (const pattern of NEVER_ALLOWED_VALUE_PATTERNS) {
186-
if (pattern.test(value)) {
187-
return true;
188-
}
189-
}
190-
}
191-
192186
return false;
193187
}

0 commit comments

Comments
 (0)