github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 03:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): redact Telegram bot tokens in errors

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-16 03:30:39 +01:00
parent 09566b1693
commit cf69907015
4 changed files with 31 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/logging/redact.ts
View File

@@ -32,6 +32,8 @@ const DEFAULT_REDACT_PATTERNS: string[] = [
String.raw`\b(AIza[0-9A-Za-z\-_]{20,})\b`,
String.raw`\b(pplx-[A-Za-z0-9_-]{10,})\b`,
String.raw`\b(npm_[A-Za-z0-9]{10,})\b`,
// Telegram Bot API URLs embed the token as `/bot<token>/...` (no word-boundary before digits).
String.raw`\bbot(\d{6,}:[A-Za-z0-9_-]{20,})\b`,
String.raw`\b(\d{6,}:[A-Za-z0-9_-]{20,})\b`,
];