fix: add AKIA and 0x private key redaction, preserve scan diagnostics
- redact_secrets now covers AWS AKIA keys and 0x-prefixed private keys, matching all patterns that scan_for_secrets detects - file-action-issue.sh no longer suppresses stderr from scan_for_secrets, so blocked-issue diagnostics reach the caller's log Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
2cc538d4fc
commit
1c8c6a8caf
2 changed files with 7 additions and 1 deletions
|
|
@ -17,7 +17,7 @@ file_action_issue() {
|
|||
FILED_ISSUE_NUM=""
|
||||
|
||||
# Secret scan: reject issue bodies containing embedded secrets
|
||||
if ! scan_for_secrets "$body" 2>/dev/null; then
|
||||
if ! scan_for_secrets "$body"; then
|
||||
echo "file-action-issue: BLOCKED — issue body for '${formula_name}' contains potential secrets. Use env var references instead." >&2
|
||||
return 4
|
||||
fi
|
||||
|
|
|
|||
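Review bot: With `2>/dev/null` dropped from the `scan_for_secrets "$body"` call, whatever that function writes to stderr now lands in the caller's log, so its diagnostics must not echo the matched text. scan_for_secrets is not visible in this hunk; if it prints the offending line or match rather than only the pattern name, this change would copy the secret from the issue body into the log. I would confirm that and record the contract above the call, e.g. `# scan_for_secrets stderr reaches the caller's log: it must name the matched pattern only, never the matched value`. The body of file_action_issue starts and ends outside the hunk.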