Skip to content

Commit d23fe1e

Browse files
committed
Security Hardening: Remove word boundary matching for scrubbing secrets from web hook diagnostic output.
1 parent 01178b6 commit d23fe1e

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

lib/action.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1431,10 +1431,10 @@ class Actions {
14311431
// try to scrub secrets from output details (best effort)
14321432
var scrubSecrets = null;
14331433
if (data.secrets && Tools.firstKey(data.secrets)) {
1434-
var sec_re = new RegExp( "\\b(" +
1434+
var sec_re = new RegExp( "(" +
14351435
Object.values(data.secrets).map( sec => Tools.escapeRegExp(sec) ).join('|') + '|' +
14361436
Object.values(data.secrets).map( sec => Tools.escapeRegExp( encodeURIComponent(sec) ) ).join('|') +
1437-
")\\b", 'g' );
1437+
")", 'g' );
14381438
scrubSecrets = function(value) { return String(value).replace( sec_re, '(REDACTED)' ); }
14391439
}
14401440
else {

0 commit comments

Comments
 (0)