perf(security): bound regex input in filters and redaction

Peter Steinberger
2026-03-02 16:37:23 +00:00
parent 31c7637e0f
commit b1592457fa
6 changed files with 103 additions and 5 deletions


@@ -102,6 +102,15 @@ describe("redactSensitiveText", () => {
expect(output).toBe(input);
});
it("redacts large payloads with bounded regex passes", () => {
const input = `${"x".repeat(40_000)} OPENAI_API_KEY=sk-1234567890abcdef ${"y".repeat(40_000)}`;
const output = redactSensitiveText(input, {
mode: "tools",
patterns: defaults,
});
expect(output).toContain("OPENAI_API_KEY=sk-123…cdef");
});
it("skips redaction when mode is off", () => {
const input = "OPENAI_API_KEY=sk-1234567890abcdef";
const output = redactSensitiveText(input, {
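Review bot: The new case "redacts large payloads with bounded regex passes" places the key at one fixed offset (just past 40,000 characters), so it does not show that a secret is still redacted when it falls across whatever boundary the bounded passes use. The implementation is not visible in this hunk, but if it splits the input into fixed-size windows, a key straddling two windows is the case that would leak in logs, and this test would cover it only by accident of the window size. Consider a second case whose padding length is derived from the bound, so the key spans the split point. Consider also asserting the negative alongside the existing check, `expect(output).not.toContain("sk-1234567890abcdef");`, so a partially masked or duplicated raw value fails the test. The `it("skips redaction when mode is off", ...)` block that follows continues outside the hunk.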