Skip to content

feat(root):add minimum length for xprv key and v2x token WP-8145 #8261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rishikeshdadam136 wants to merge 1 commit into
base: master
Choose a base branch
from
+12 −5
Open

feat(root):add minimum length for xprv key and v2x token WP-8145 #8261

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion modules/logger/src/sanitizeLog.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ const SENSITIVE_KEYS = new Set([

const SENSITIVE_PREFIXES = ['v2x', 'xprv'];

const MIN_SENSITIVE_STRING_LENGTH = 10;

/**
* Checks if a key is sensitive (case-insensitive)
*/
Expand All @@ -29,9 +31,10 @@ function isSensitiveKey(key: string): boolean {
* Unlike isSensitiveKey (which checks property names), this identifies
* sensitive data by recognizable content patterns — useful when there
* is no key context (e.g. top-level strings, array elements).
* Requires a minimum length to avoid false positives on short strings.
*/
function isSensitiveStringValue(s: string): boolean {
return SENSITIVE_PREFIXES.some((prefix) => s.startsWith(prefix));
return s.length >= MIN_SENSITIVE_STRING_LENGTH && SENSITIVE_PREFIXES.some((prefix) => s.startsWith(prefix));
}

export function getErrorData(error: unknown): unknown {
Expand Down
12 changes: 8 additions & 4 deletions modules/logger/test/unit/sanitizeLog.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,12 @@ describe('sanitize', function () {
assert.strictEqual(sanitize(V2_TOKEN), '<REMOVED>');
});

it('should redact a short string starting with v2x', function () {
assert.strictEqual(sanitize('v2xaabb'), '<REMOVED>');
it('should not redact a short string starting with v2x', function () {
assert.strictEqual(sanitize('v2xaabb'), 'v2xaabb');
});

it('should not redact a short string starting with xprv', function () {
assert.strictEqual(sanitize('xprv9abc'), 'xprv9abc');
});

it('should redact a string starting with xprv', function () {
Expand Down Expand Up @@ -106,8 +110,8 @@ describe('sanitize', function () {
assert.deepStrictEqual(sanitize({ key: XPRV_KEY }), { key: '<REMOVED>' });
});

it('should redact a short v2x object value', function () {
assert.deepStrictEqual(sanitize({ key: 'v2xaabb' }), { key: '<REMOVED>' });
it('should not redact a short v2x object value', function () {
assert.deepStrictEqual(sanitize({ key: 'v2xaabb' }), { key: 'v2xaabb' });
});

it('should not redact when sensitive prefix is not at the start of value', function () {
Expand Down