mirror of
https://github.com/moltbot/moltbot.git
synced 2026-04-24 07:01:49 +00:00
refactor: unify sensitive URL config hints
This commit is contained in:
@@ -1,6 +1,9 @@
|
||||
import { describe, expect, it } from "vitest";
|
||||
import {
|
||||
isSensitiveUrlQueryParamName,
|
||||
isSensitiveUrlConfigPath,
|
||||
SENSITIVE_URL_HINT_TAG,
|
||||
hasSensitiveUrlHintTag,
|
||||
redactSensitiveUrl,
|
||||
redactSensitiveUrlLikeString,
|
||||
} from "./redact-sensitive-url.js";
|
||||
@@ -40,3 +43,17 @@ describe("isSensitiveUrlQueryParamName", () => {
|
||||
expect(isSensitiveUrlQueryParamName("safe")).toBe(false);
|
||||
});
|
||||
});
|
||||
|
||||
describe("sensitive URL config metadata", () => {
|
||||
it("recognizes config paths that may embed URL secrets", () => {
|
||||
expect(isSensitiveUrlConfigPath("models.providers.*.baseUrl")).toBe(true);
|
||||
expect(isSensitiveUrlConfigPath("mcp.servers.remote.url")).toBe(true);
|
||||
expect(isSensitiveUrlConfigPath("gateway.remote.url")).toBe(false);
|
||||
});
|
||||
|
||||
it("uses an explicit url-secret hint tag", () => {
|
||||
expect(SENSITIVE_URL_HINT_TAG).toBe("url-secret");
|
||||
expect(hasSensitiveUrlHintTag({ tags: [SENSITIVE_URL_HINT_TAG] })).toBe(true);
|
||||
expect(hasSensitiveUrlHintTag({ tags: ["security"] })).toBe(false);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
import type { ConfigUiHint } from "../config-ui-hints-types.js";
|
||||
|
||||
export const SENSITIVE_URL_HINT_TAG = "url-secret";
|
||||
|
||||
const SENSITIVE_URL_QUERY_PARAM_NAMES = new Set([
|
||||
"token",
|
||||
"key",
|
||||
@@ -16,6 +20,17 @@ export function isSensitiveUrlQueryParamName(name: string): boolean {
|
||||
return SENSITIVE_URL_QUERY_PARAM_NAMES.has(name.toLowerCase());
|
||||
}
|
||||
|
||||
export function isSensitiveUrlConfigPath(path: string): boolean {
|
||||
if (path.endsWith(".baseUrl") || path.endsWith(".httpUrl")) {
|
||||
return true;
|
||||
}
|
||||
return /^mcp\.servers\.(?:\*|[^.]+)\.url$/.test(path);
|
||||
}
|
||||
|
||||
export function hasSensitiveUrlHintTag(hint: Pick<ConfigUiHint, "tags"> | undefined): boolean {
|
||||
return hint?.tags?.includes(SENSITIVE_URL_HINT_TAG) === true;
|
||||
}
|
||||
|
||||
export function redactSensitiveUrl(value: string): string {
|
||||
try {
|
||||
const parsed = new URL(value);
|
||||
|
||||
Reference in New Issue
Block a user