fix(redaction): fully redact whitespace-separated auth credentials by JSONbored · Pull Request #37 · JSONbored/nightward

JSONbored · 2026-05-05T10:40:49Z

A recent change to redact_text stopped assignment redaction at the first whitespace, which left credential tokens in values like Authorization: Basic <credential> unredacted and leaked into report evidence.

Adjusted the unquoted assignment regex in redact_text to allow an optional second whitespace-delimited token so two-part auth schemes (e.g., Basic <credential>) are fully consumed and redacted.
Kept existing provider-specific redaction intact (e.g., Bearer and known token shapes) and preserved surrounding context behavior (so unrelated trailing text like paths remain visible).
Added a focused regression test redacts_basic_auth_values_after_sensitive_keys to ensure Authorization: Basic ... values are fully redacted.

Ran the unit tests for the core crate focusing on redaction with cargo test -p nightward-core redacts_, and the redaction-related tests passed (6 passed; 0 failed).
The new regression test redacts_basic_auth_values_after_sensitive_keys was executed as part of that run and passed.

Signed-off-by: JSONbored <49853598+JSONbored@users.noreply.github.com>

JSONbored added aardvark codex labels May 5, 2026 — with ChatGPT Codex Connector

JSONbored added aardvark codex labels May 5, 2026

JSONbored self-assigned this May 5, 2026

fix(redaction): fully redact two-part auth assignment values

6c0822d

Signed-off-by: JSONbored <49853598+JSONbored@users.noreply.github.com>

JSONbored force-pushed the codex/propose-fix-for-redaction-vulnerability branch from ed91865 to 6c0822d Compare May 5, 2026 11:33

JSONbored merged commit ed69022 into main May 5, 2026
15 checks passed

JSONbored deleted the codex/propose-fix-for-redaction-vulnerability branch May 5, 2026 11:39

Provide feedback