Skip to content

Redact credentials from Git URLs in logs #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 5, 2025
Merged

Redact credentials from Git URLs in logs #184

merged 6 commits into from
Nov 5, 2025

Conversation

@ghostwriternr
Copy link
Member

@ghostwriternr ghostwriternr commented Oct 31, 2025

Credentials embedded in repository URLs (tokens, usernames, passwords) are now replaced with ****** before logging. This prevents sensitive data from appearing in logs when cloning private repos.

Fixes #177

@changeset-bot
Copy link

changeset-bot bot commented Oct 31, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 7994fa7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@cloudflare/sandbox Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 31, 2025
View reviewed changes
@pkg-pr-new
Copy link

pkg-pr-new bot commented Oct 31, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/cloudflare/sandbox-sdk/@cloudflare/sandbox@184

commit: 7994fa7

@github-actions
Copy link
Contributor

github-actions bot commented Oct 31, 2025
edited
Loading

🐳 Docker Image Published

FROM cloudflare/sandbox:0.0.0-pr-184-4670919

Version: 0.0.0-pr-184-4670919

You can use this Docker image with the preview package from this PR.

@cloudflare cloudflare deleted a comment from claude bot Nov 3, 2025
@ghostwriternr
Redact git credentials from logs
65a3e33 
Git URLs with authentication tokens were leaking in logs during
clone operations. Added GitLogger wrapper to automatically sanitize
credentials from all log output.
@ghostwriternr ghostwriternr force-pushed the redact-creds-git-checkout branch from b844100 to 65a3e33 Compare November 3, 2025 17:29
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 3, 2025
View reviewed changes
@ghostwriternr
Use URL parsing instead of regex
527aaea
@ghostwriternr
Fix credential redaction in embedded URLs
eece829 
The regex-based approach now correctly handles URLs embedded in error
messages. Simplified sanitizeGitData() to use general recursion for
all fields instead of field-specific logic.
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 5, 2025
View reviewed changes
@ghostwriternr
Use URL parsing instead of regex
1481ce7 
Replaces regex pattern with simple string scanning to eliminate
ReDoS vulnerability while maintaining credential redaction.
@ghostwriternr
Fix formatting
f096e08
@cloudflare cloudflare deleted a comment from claude bot Nov 5, 2025
@ghostwriternr
Improve credential redaction completeness
7994fa7 
URL boundary detection now stops at structural delimiters
(quotes, brackets) to handle JSON/XML formats correctly.

GitLogger now sanitizes Error objects to prevent credential
leaks when error messages contain repository URLs.

Replace 'any' with Record<string, unknown> for type safety.
@cloudflare cloudflare deleted a comment from claude bot Nov 5, 2025
@claude
Copy link

claude bot commented Nov 5, 2025

Claude Code Review

Summary: This PR effectively addresses credential leakage in Git URLs with a well-structured solution. The implementation is solid with comprehensive test coverage.

Architecture & Implementation

Strengths:

  • Clean separation: sanitization logic in @repo/shared for reusability
  • GitLogger wrapper elegantly auto-sanitizes all log outputs
  • Recursive sanitization catches credentials in nested objects/arrays
  • Error handling sanitizes both messages and stack traces

Minor concerns:

  1. URL parsing robustness (packages/shared/src/git.ts:42): Regex for URL boundaries may miss edge cases like parentheses or question marks. Consider more delimiters or a URL parsing library.

  2. Performance (packages/shared/src/git.ts:13-55): String concatenation in loop creates O(n²) complexity. Fine for typical logs, but array+join would be better for large strings.

  3. Type safety (packages/sandbox-container/src/services/git-service.ts:48): Explicit cast bypasses type checking. Consider restructuring to avoid it.

  4. DI coupling (packages/sandbox-container/src/core/container.ts:99): GitLogger creation couples DI to Git-specific logging. Generic factory pattern would be cleaner.

Testing

Excellent coverage:

  • Various URL format redaction verified
  • Credentials sanitized in actual log output
  • Edge cases handled (null, undefined, nested objects, arrays)
  • Error object sanitization tested

Missing: No test for URL-encoded auth like user%40email:pass@host

Verdict

Approve with minor suggestions. Core functionality is sound and solves the security issue effectively. Concerns are optimizations/edge cases that don't block merging.

@ghostwriternr ghostwriternr merged commit 7989b61 into main Nov 5, 2025
10 checks passed
@ghostwriternr ghostwriternr deleted the redact-creds-git-checkout branch November 5, 2025 15:05
@threepointone threepointone mentioned this pull request Nov 5, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Redact GITHUB_TOKEN from repository url when writing to logs

1 participant

@ghostwriternr