CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-05 05:05:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

test: add coverage for storage redaction

Browse Source 
Test key-based redaction (auth_token, api_key), value-based redaction
(JWT prefix, GitHub PAT prefix), pass-through for normal keys, and
length preservation in redacted output.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-22 09:57:33 -07:00
parent faaf998c7b
commit 03a8904afa
1 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browse/test/commands.test.ts
+32
View File
@@ -391,6 +391,38 @@ describe('Cookies and storage', () => {
const storage = JSON.parse(result);
expect(storage.localStorage.testKey).toBe('testValue');
});
test('storage read redacts sensitive keys', async () => {
await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
await handleReadCommand('storage', ['set', 'auth_token', 'my-secret-token'], bm);
await handleReadCommand('storage', ['set', 'api_key', 'key-12345'], bm);
await handleReadCommand('storage', ['set', 'normalKey', 'normalValue'], bm);
const result = await handleReadCommand('storage', [], bm);
const storage = JSON.parse(result);
expect(storage.localStorage.auth_token).toMatch(/REDACTED/);
expect(storage.localStorage.api_key).toMatch(/REDACTED/);
expect(storage.localStorage.normalKey).toBe('normalValue');
});
test('storage read redacts sensitive values by prefix', async () => {
await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
// JWT value under innocuous key name
await handleReadCommand('storage', ['set', 'userData', 'eyJhbGciOiJIUzI1NiJ9.payload.sig'], bm);
// GitHub PAT under innocuous key name
await handleReadCommand('storage', ['set', 'repoAccess', 'ghp_abc123def456'], bm);
const result = await handleReadCommand('storage', [], bm);
const storage = JSON.parse(result);
expect(storage.localStorage.userData).toMatch(/REDACTED/);
expect(storage.localStorage.repoAccess).toMatch(/REDACTED/);
});
test('storage redaction includes value length', async () => {
await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
await handleReadCommand('storage', ['set', 'session_token', 'abc123'], bm);
const result = await handleReadCommand('storage', [], bm);
const storage = JSON.parse(result);
expect(storage.localStorage.session_token).toBe('[REDACTED — 6 chars]');
});
});
// ─── Performance ────────────────────────────────────────────────