CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-05 05:05:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(browse): improve storage redaction — word-boundary keys + more value prefixes

Browse Source 
Key regex: use underscore/dot/hyphen boundaries instead of \b (which treats
_ as word char). Now correctly redacts auth_token, session_token while
skipping keyboardShortcuts, monkeyPatch, primaryKey.

Value regex: add AWS (AKIA), Stripe (sk_live_, pk_live_), Anthropic (sk-ant-),
Google (AIza), Sendgrid (SG.), Supabase (sbp_) prefixes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-22 12:23:32 -07:00
parent 773e90215b
commit 96619d7470
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browse/src/read-commands.ts
+2 -2
View File
@@ -291,8 +291,8 @@ export async function handleReadCommand(
sessionStorage: { ...sessionStorage },
}));
// Redact values that look like secrets (tokens, keys, passwords, JWTs)
const SENSITIVE_KEY = /token|secret|key|password|credential|auth|jwt|session|csrf|api.?key/i;
const SENSITIVE_VALUE = /^(eyJ|sk-|pk-|ghp_|gho_|github_pat_|xox[bpsa]-|Bearer\s)/;
const SENSITIVE_KEY = /(^|[_.-])(token|secret|key|password|credential|auth|jwt|session|csrf)($|[_.-])|api.?key/i;
const SENSITIVE_VALUE = /^(eyJ|sk-|sk_live_|sk_test_|pk_live_|pk_test_|rk_live_|sk-ant-|ghp_|gho_|github_pat_|xox[bpsa]-|AKIA[A-Z0-9]{16}|AIza|SG\.|Bearer\s|sbp_)/;
const redacted = JSON.parse(JSON.stringify(storage));
for (const storeType of ['localStorage', 'sessionStorage'] as const) {
const store = redacted[storeType];