Skip to content

Potential fix for code scanning alert no. 1655: Clear-text logging of sensitive information#744

Merged
Bryan-Roe merged 1 commit into
mainfrom
alert-autofix-1655
Jul 6, 2026
Merged

Potential fix for code scanning alert no. 1655: Clear-text logging of sensitive information#744
Bryan-Roe merged 1 commit into
mainfrom
alert-autofix-1655

Conversation

@Bryan-Roe

@Bryan-Roe Bryan-Roe commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/Bryan-Roe/Aria/security/code-scanning/1655

To fix this, avoid logging any potentially sensitive derived detail (names) in clear text. Keep behavior unchanged otherwise: still warn/block based on findings, still include optional file path hint, still return same exit codes.

Best single fix in .github/hooks/scripts/secrets_leak_guard.py:

  • In the warn-only branch (else: near lines 230–235), remove construction and interpolation of names.
  • Replace the warning string with a generic message that does not include detected secret type names.

No new imports, methods, or dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.


Note

Low Risk
Narrows hook stderr/stdout output only; detection, blocking, and exit semantics are unchanged.

Overview
Addresses code scanning alert #1655 (clear-text logging of sensitive information) in the warn-only path of .github/hooks/scripts/secrets_leak_guard.py.

The hook no longer builds or prints names (the comma-separated list of matched secret type labels from _scan_content). Warnings stay generic: optional file path hint, same exit codes, and unchanged block vs warn behavior when ARIA_SECRETS_BLOCK is set.

Reviewed by Cursor Bugbot for commit ac58800. Bugbot is set up for automated code reviews on this repo. Configure here.

… sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Bryan <74067792+Bryan-Roe@users.noreply.github.com>
@Bryan-Roe Bryan-Roe marked this pull request as ready for review July 6, 2026 19:29

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @Bryan-Roe, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@Bryan-Roe Bryan-Roe merged commit 8c4a6c8 into main Jul 6, 2026
1 of 3 checks passed
@Bryan-Roe Bryan-Roe deleted the alert-autofix-1655 branch July 6, 2026 19:29
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@cursor

cursor Bot commented Jul 6, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_f28438ef-e360-40c8-84e1-935700c09c81)

@cursor

cursor Bot commented Jul 6, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_d584fd01-53be-4007-909d-2be79ec1d3be)

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🔐 CodeQL — Open Alerts on this PR

Severity Count
note 67
warning 13
medium 6
error 10
high 4

Copilot Autofix suggestions (if enabled) appear as inline review comments on the affected lines.
See the full list in the Security tab.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant