Audit and harden redaction for raw URL exposure in PR inventory/review failure output #171

Closed
opened 2026-07-05 12:29:40 -05:00 by jcwalker3 · 0 comments
Owner

During review of PR #165 (pinned head 88296f0262c50bd5e2d5f2aee16cca20c544749a), a reviewer found inventory/review failure output may expose raw service URLs because _redact() appears focused on credential strings (token , Basic ). Re-confirmed unresolved during PR #169 review at head a4060c59cc7ac2033cf77764677c81d067e29316: #169 routes review bodies through _redact and hides endpoint URLs behind GITEA_MCP_REVEAL_ENDPOINTS, but the underlying pattern gap is pre-existing and unchanged; no test exercises URL redaction in failure output. Origin report: mcp-control-plane #66 (incident description, comment 2825).

Suspected code path: _redact() in mcp_server.py and every PR inventory/review failure path interpolating request context into agent-facing errors, permission reports, or audit records.

Acceptance criteria:

  • Audit _redact() and all PR inventory/review failure output paths.
  • Confirm whether raw service URLs, internal endpoints, URL credentials, query-string secrets, or hostnames can appear in agent-facing output, permission reports, audit logs, or review failure messages.
  • Add regression tests for URL/endpoint redaction in failure output.
  • Preserve useful synthetic test fixture URLs only where explicitly test-only.
  • Do not weaken existing credential redaction.
  • Run the full relevant test suite.
During review of PR #165 (pinned head `88296f0262c50bd5e2d5f2aee16cca20c544749a`), a reviewer found inventory/review failure output may expose raw service URLs because `_redact()` appears focused on credential strings (`token `, `Basic `). Re-confirmed unresolved during PR #169 review at head `a4060c59cc7ac2033cf77764677c81d067e29316`: #169 routes review bodies through `_redact` and hides endpoint URLs behind `GITEA_MCP_REVEAL_ENDPOINTS`, but the underlying pattern gap is pre-existing and unchanged; no test exercises URL redaction in failure output. Origin report: mcp-control-plane #66 (incident description, comment 2825). Suspected code path: `_redact()` in `mcp_server.py` and every PR inventory/review failure path interpolating request context into agent-facing errors, permission reports, or audit records. Acceptance criteria: - Audit `_redact()` and all PR inventory/review failure output paths. - Confirm whether raw service URLs, internal endpoints, URL credentials, query-string secrets, or hostnames can appear in agent-facing output, permission reports, audit logs, or review failure messages. - Add regression tests for URL/endpoint redaction in failure output. - Preserve useful synthetic test fixture URLs only where explicitly test-only. - Do not weaken existing credential redaction. - Run the full relevant test suite.
jcwalker3 added the mcpsecuritygiteatestingreliability labels 2026-07-05 12:29:52 -05:00
jcwalker3 added the status:in-progress label 2026-07-05 13:15:33 -05:00
sysadmin removed the status:in-progress label 2026-07-05 13:28:04 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#171