From 387f684076462ba5fe50eef6c1adc8233ef60d27 Mon Sep 17 00:00:00 2001
From: Dadam Rishikesh Reddy
Date: Fri, 6 Mar 2026 20:09:35 +0530
Subject: [PATCH] feat(root): add minimum length for xprv key and v2x token WP-8145

TICKET: WP-8145
---
 modules/logger/src/sanitizeLog.ts | 5 ++++-
 modules/logger/test/unit/sanitizeLog.ts | 12 ++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/modules/logger/src/sanitizeLog.ts b/modules/logger/src/sanitizeLog.ts
index 25da5306ab..0ee1a7bfbd 100644
--- a/modules/logger/src/sanitizeLog.ts
+++ b/modules/logger/src/sanitizeLog.ts
@@ -17,6 +17,8 @@ const SENSITIVE_KEYS = new Set([

 const SENSITIVE_PREFIXES = ['v2x', 'xprv'];

+const MIN_SENSITIVE_STRING_LENGTH = 10;
+
 /**
 * Checks if a key is sensitive (case-insensitive)
 */
@@ -29,9 +31,10 @@ function isSensitiveKey(key: string): boolean {
 * Unlike isSensitiveKey (which checks property names), this identifies
 * sensitive data by recognizable content patterns — useful when there
 * is no key context (e.g. top-level strings, array elements).
+ * Requires a minimum length to avoid false positives on short strings.
 */
 function isSensitiveStringValue(s: string): boolean {
- return SENSITIVE_PREFIXES.some((prefix) => s.startsWith(prefix));
+ return s.length >= MIN_SENSITIVE_STRING_LENGTH && SENSITIVE_PREFIXES.some((prefix) => s.startsWith(prefix));
 }

 export function getErrorData(error: unknown): unknown {
diff --git a/modules/logger/test/unit/sanitizeLog.ts b/modules/logger/test/unit/sanitizeLog.ts
index 97eeb31569..e1ff8095b7 100644
--- a/modules/logger/test/unit/sanitizeLog.ts
+++ b/modules/logger/test/unit/sanitizeLog.ts
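Review bot: `MIN_SENSITIVE_STRING_LENGTH` is added without a comment, so the reason for 10 and the fact that it decides what reaches the logs are not recorded next to the value. A line such as `// Shortest string redacted by prefix alone; anything shorter that starts with v2x or xprv is logged unchanged.` above the constant would make that trade-off visible to whoever tunes it later. It would also help to state whether 10 was derived from the real token and key formats or chosen empirically.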
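Review bot: The length gate in `isSensitiveStringValue` makes the sanitizer fail open for every value under 10 characters, so a truncated or chunked fragment beginning with `v2x` or `xprv` is now written to the log as-is. A bare length test also still redacts ordinary strings of 10 or more characters that happen to start with these prefixes, so it removes false positives only partly. If the token and key formats allow it, a check on the characters that follow the prefix would be stricter in both directions than one shared length; that the values are hex-like and base58-like is an inference from the test samples on this page. The function is complete within the hunk; only the opening of its doc comment lies above it.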
@@ -33,8 +33,12 @@ describe('sanitize', function () {
 assert.strictEqual(sanitize(V2_TOKEN), '');
 });

- it('should redact a short string starting with v2x', function () {
- assert.strictEqual(sanitize('v2xaabb'), '');
+ it('should not redact a short string starting with v2x', function () {
+ assert.strictEqual(sanitize('v2xaabb'), 'v2xaabb');
+ });
+
+ it('should not redact a short string starting with xprv', function () {
+ assert.strictEqual(sanitize('xprv9abc'), 'xprv9abc');
 });

 it('should redact a string starting with xprv', function () {
@@ -106,8 +110,8 @@ describe('sanitize', function () {
 assert.deepStrictEqual(sanitize({ key: XPRV_KEY }), { key: '' });
 });

- it('should redact a short v2x object value', function () {
- assert.deepStrictEqual(sanitize({ key: 'v2xaabb' }), { key: '' });
+ it('should not redact a short v2x object value', function () {
+ assert.deepStrictEqual(sanitize({ key: 'v2xaabb' }), { key: 'v2xaabb' });
 });

 it('should not redact when sensitive prefix is not at the start of value', function () {
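Review bot: Neither new test pins the threshold itself: `'v2xaabb'` is 7 characters and `'xprv9abc'` is 8, so changing `>=` to `>` or the constant to 9 would still pass. Adding a 9-character case such as `assert.strictEqual(sanitize('v2xaabbcc'), 'v2xaabbcc');` and a matching 10-character case that must come back redacted would fix the boundary in place. The enclosing `describe` block starts and ends outside the hunk.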
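Review bot: This case only shows that a short value under a non-sensitive property name is kept; none of the visible hunks shows that the same short value under a name from `SENSITIVE_KEYS` is still redacted. The length check was added to the value path only, so a test of the form `sanitize({ <sensitive key>: 'v2xaabb' })` expecting the redacted form would guard against the gate later being applied to key-based redaction as well. The members of `SENSITIVE_KEYS` are not visible on this page, so the key name has to be taken from the source file.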