Harden URL redaction in inventory/review failure output (Issue #171)

This commit is contained in:
2026-07-05 14:17:52 -04:00
parent fde8323ad4
commit 3ff3affa64
4 changed files with 135 additions and 4 deletions
+4 -2
View File
@@ -761,7 +761,7 @@ _SECRET_PREFIXES = ("token ", "Basic ")
def _redact(text: str) -> str:
"""Strip anything that looks like an Authorization credential from *text*.
"""Strip anything that looks like an Authorization credential or raw URL from *text*.
Errors raised by ``api_request`` echo the server response body, not the
request headers, so a token should never appear — this is defence in depth
@@ -782,7 +782,9 @@ def _redact(text: str) -> str:
j += 1
out = out[:i] + prefix + "[REDACTED]" + out[j:]
idx = i + len(prefix) + len("[REDACTED]")
return out
# Redact raw URLs, query secrets, hostnames, etc.
import gitea_audit
return gitea_audit.redact_urls(out)
# Review states that carry a submitted verdict. Gitea also emits PENDING