Skip to content

t4959: Address 4 review findings in prompt-guard-helper.sh #4967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alex-solovyev merged 1 commit into from
Mar 15, 2026
Merged

t4959: Address 4 review findings in prompt-guard-helper.sh #4967

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .agents/configs/prompt-injection-patterns.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -633,8 +633,8 @@ credential_exposure:
pattern: '[?&]token=[^&\s]{8,}'

- severity: MEDIUM
description: "URL query param: api_key/apikey"
pattern: '[?&](api_key|apikey|api-key)=[^&\s]{8,}'
description: "URL query param: key/api_key/apikey"
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot Mar 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

To improve clarity and ensure the description perfectly matches the pattern, consider including all variants. The pattern checks for key, api_key, apikey, and api-key, but the description is missing api-key.

    description: "URL query param: key/api_key/apikey/api-key"
References
  1. To ensure comprehensive coverage, security detection patterns must include all known variations.
  2. When applying a fix for a specific pattern, also fix other instances of the same pattern in the file for consistency.

pattern: '[?&](key|api_key|apikey|api-key)=[^&\s]{8,}'

- severity: MEDIUM
description: "URL query param: password"
Expand Down
25 changes: 14 additions & 11 deletions .agents/scripts/prompt-guard-helper.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,7 @@ LOW|system_prompt_extraction|System prompt extraction variant|([Ww]rite|[Tt]ype|
LOW|system_prompt_extraction|Prompt leak via translation|([Tt]ranslate|[Cc]onvert)\s+(your\s+)?(system\s+)?(prompt|instructions|rules)\s+(to|into)\s+(French|Spanish|Chinese|another\s+language)
MEDIUM|credential_exposure|URL query param: secret|[?&]secret=[^&\s]{8,}
MEDIUM|credential_exposure|URL query param: token|[?&]token=[^&\s]{8,}
MEDIUM|credential_exposure|URL query param: key|[?&](api_key|apikey|api-key)=[^&\s]{8,}
MEDIUM|credential_exposure|URL query param: key/api_key|[?&](key|api_key|apikey|api-key)=[^&\s]{8,}
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot Mar 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

For consistency with the pattern and the YAML configuration, it would be best to make this description fully comprehensive. The current description key/api_key is missing apikey and api-key which are present in the regex.

Suggested change
MEDIUM|credential_exposure|URL query param: key/api_key|[?&](key|api_key|apikey|api-key)=[^&\s]{8,}
MEDIUM|credential_exposure|URL query param: key/api_key/apikey/api-key|[?&](key|api_key|apikey|api-key)=[^&
s]{8,}
References
  1. To ensure comprehensive coverage, security detection patterns must include all known variations.
  2. When applying a fix for a specific pattern, also fix other instances of the same pattern in the file for consistency.

MEDIUM|credential_exposure|URL query param: password|[?&]password=[^&\s]{8,}
MEDIUM|credential_exposure|URL query param: access_token|[?&]access_token=[^&\s]{8,}
MEDIUM|credential_exposure|URL query param: auth|[?&](auth|authorization)=[^&\s]{8,}
Expand Down Expand Up @@ -589,7 +589,7 @@ _pg_sanitize_message() {

# Redact credential values in URL query parameters (t4954)
# Matches ?secret=VALUE or &token=VALUE etc. and replaces VALUE with [REDACTED]
sanitized=$(printf '%s' "$sanitized" | sed -E 's/([?&](secret|token|api_key|apikey|api-key|password|access_token|auth|authorization|client_secret|webhook_secret)=)[^&[:space:]]{8,}/\1[REDACTED]/g')
sanitized=$(printf '%s' "$sanitized" | sed -E 's/([?&](key|secret|token|api_key|apikey|api-key|password|access_token|auth|authorization|client_secret|webhook_secret)=)[^&[:space:]]{8,}/\1[REDACTED]/g')

printf '%s' "$sanitized"
return 0
Expand Down Expand Up @@ -1493,20 +1493,23 @@ cmd_test() {

echo ""
echo "Testing URL credential exposure (MEDIUM — should WARN, t4954):"
_test_expect "URL with ?secret= param" 2 "https://example.com/webhook?secret=abc123def456ghi789"
_test_expect "URL with &token= param" 2 "https://api.example.com/callback?id=1&token=FAKE_SK_LIVE_abcdef123456"
_test_expect "URL with ?api_key= param" 2 "https://hooks.example.com/v1?api_key=FAKE_AKIA_IOSFODNN7EXAMPLE"
_test_expect "URL with ?password= param" 2 "https://service.example.com/auth?password=SuperSecret123!"
_test_expect "URL with ?access_token= param" 2 "https://api.example.com/data?access_token=FAKE_JWT_aGVhZGVyLnBheWxvYWQ"
_test_expect "URL with ?client_secret= param" 2 "https://oauth.example.com/token?client_secret=FAKE_CS_abcdef123456789"
# Test values use PLACEHOLDER_ prefix to avoid secret-scanner false positives (GH#4959).
# Real secrets must never appear in test literals — use env vars or secret managers.
_test_expect "URL with ?secret= param" 2 "https://example.com/webhook?secret=PLACEHOLDER_SECRET_VALUE_123456"
_test_expect "URL with &token= param" 2 "https://api.example.com/callback?id=1&token=PLACEHOLDER_TOKEN_VALUE_123456"
_test_expect "URL with ?api_key= param" 2 "https://hooks.example.com/v1?api_key=PLACEHOLDER_APIKEY_VALUE_123456"
_test_expect "URL with ?password= param" 2 "https://service.example.com/auth?password=PLACEHOLDER_PASSWORD_VALUE_123"
_test_expect "URL with ?access_token= param" 2 "https://api.example.com/data?access_token=PLACEHOLDER_ACCESS_TOKEN_123456"
_test_expect "URL with ?client_secret= param" 2 "https://oauth.example.com/token?client_secret=PLACEHOLDER_CLIENT_SECRET_123"
_test_expect "URL with ?key= param" 2 "https://example.com/api?key=PLACEHOLDER_KEY_VALUE_12345678"
_test_expect "Short param value (no match)" 0 "https://example.com/page?secret=abc"

echo ""
echo "Testing URL credential sanitization (t4954):"
total=$((total + 1))
local url_sanitized
url_sanitized=$(PROMPT_GUARD_QUIET="true" cmd_sanitize "Webhook URL: https://example.com/hook?secret=abc123def456ghi789&name=test" 2>/dev/null)
if [[ "$url_sanitized" == *"[REDACTED]"* ]] && [[ "$url_sanitized" != *"abc123def456ghi789"* ]]; then
url_sanitized=$(PROMPT_GUARD_QUIET="true" cmd_sanitize "Webhook URL: https://example.com/hook?secret=PLACEHOLDER_SECRET_VALUE_123456&name=test" 2>/dev/null)
if [[ "$url_sanitized" == *"[REDACTED]"* ]] && [[ "$url_sanitized" != *"PLACEHOLDER_SECRET_VALUE_123456"* ]]; then
echo -e " ${GREEN}PASS${NC} URL secret param redacted in sanitization"
passed=$((passed + 1))
else
Expand All @@ -1515,7 +1518,7 @@ cmd_test() {
fi

total=$((total + 1))
url_sanitized=$(PROMPT_GUARD_QUIET="true" cmd_sanitize "Config: https://api.example.com/v1?token=sk_live_abcdef123456&format=json" 2>/dev/null)
url_sanitized=$(PROMPT_GUARD_QUIET="true" cmd_sanitize "Config: https://api.example.com/v1?token=PLACEHOLDER_TOKEN_VALUE_123456&format=json" 2>/dev/null)
if [[ "$url_sanitized" == *"[REDACTED]"* ]] && [[ "$url_sanitized" == *"format=json"* ]]; then
echo -e " ${GREEN}PASS${NC} URL token param redacted, non-secret params preserved"
passed=$((passed + 1))
Expand Down
Loading