CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-05 05:05:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge PR #238: redact sensitive values in browse storage command

Browse Source
This commit is contained in:
Garry Tan
2026-03-22 09:56:10 -07:00
parent b2f4f37aff 75e6ca2989
commit 60d6e374ec
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browse/src/read-commands.ts
+15 -1
View File
@@ -290,7 +290,21 @@ export async function handleReadCommand(
localStorage: { ...localStorage },
sessionStorage: { ...sessionStorage },
}));
return JSON.stringify(storage, null, 2);
// Redact values that look like secrets (tokens, keys, passwords, JWTs)
const SENSITIVE_KEY = /token|secret|key|password|credential|auth|jwt|session|csrf|api.?key/i;
const SENSITIVE_VALUE = /^(eyJ|sk-|pk-|ghp_|gho_|github_pat_|xox[bpsa]-|Bearer\s)/;
const redacted = JSON.parse(JSON.stringify(storage));
for (const storeType of ['localStorage', 'sessionStorage'] as const) {
const store = redacted[storeType];
if (!store) continue;
for (const [key, value] of Object.entries(store)) {
if (typeof value !== 'string') continue;
if (SENSITIVE_KEY.test(key) || SENSITIVE_VALUE.test(value)) {
store[key] = `[REDACTED — ${value.length} chars]`;
}
}
}
return JSON.stringify(redacted, null, 2);
}
case 'perf': {