mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-17 04:17:11 +00:00
fix(security): improve API key detection patterns to prevent false positives
- Change from substring to pattern-based matching for sensitive keys - Prevents ANTHROPIC_MAX_TOKENS from being incorrectly censored - Synchronize backend and UI detection logic for consistency
This commit is contained in:
@@ -478,10 +478,17 @@ function maskApiKeys(settings: Settings): Settings {
|
||||
if (!settings.env) return settings;
|
||||
|
||||
const masked = { ...settings, env: { ...settings.env } };
|
||||
const sensitiveKeys = ['ANTHROPIC_AUTH_TOKEN', 'API_KEY', 'AUTH_TOKEN'];
|
||||
// Pattern-based matching for sensitive keys
|
||||
const sensitivePatterns = [
|
||||
/^ANTHROPIC_AUTH_TOKEN$/, // Exact match for Anthropic auth token
|
||||
/_API_KEY$/, // Keys ending with _API_KEY
|
||||
/_AUTH_TOKEN$/, // Keys ending with _AUTH_TOKEN
|
||||
/^API_KEY$/, // Exact match for API_KEY
|
||||
/^AUTH_TOKEN$/, // Exact match for AUTH_TOKEN
|
||||
];
|
||||
|
||||
for (const key of Object.keys(masked.env)) {
|
||||
if (sensitiveKeys.some((sensitive) => key.includes(sensitive))) {
|
||||
if (sensitivePatterns.some((pattern) => pattern.test(key))) {
|
||||
const value = masked.env[key];
|
||||
if (value && value.length > 8) {
|
||||
masked.env[key] =
|
||||
|
||||
@@ -145,7 +145,17 @@ function SettingsDialogContent({
|
||||
};
|
||||
|
||||
const isSensitiveKey = (key: string): boolean => {
|
||||
return key.includes('TOKEN') || key.includes('KEY') || key.includes('SECRET');
|
||||
// Pattern-based matching for sensitive keys (same as backend)
|
||||
const sensitivePatterns = [
|
||||
/^ANTHROPIC_AUTH_TOKEN$/, // Exact match for Anthropic auth token
|
||||
/_API_KEY$/, // Keys ending with _API_KEY
|
||||
/_AUTH_TOKEN$/, // Keys ending with _AUTH_TOKEN
|
||||
/^API_KEY$/, // Exact match for API_KEY
|
||||
/^AUTH_TOKEN$/, // Exact match for AUTH_TOKEN
|
||||
/_SECRET$/, // Keys ending with _SECRET
|
||||
/^SECRET$/, // Exact match for SECRET
|
||||
];
|
||||
return sensitivePatterns.some((pattern) => pattern.test(key));
|
||||
};
|
||||
|
||||
return (
|
||||
|
||||
Reference in New Issue
Block a user