Skip to content

Potential fix for code scanning alert no. 34: Clear-text logging of sensitive information#55

Merged
johnteee merged 1 commit into
mainfrom
alert-autofix-34
Jun 5, 2026
Merged

Potential fix for code scanning alert no. 34: Clear-text logging of sensitive information#55
johnteee merged 1 commit into
mainfrom
alert-autofix-34

Conversation

@johnteee

@johnteee johnteee commented Jun 5, 2026

Copy link
Copy Markdown
Member

Potential fix for https://github.com/TeaEntityLab/teaAgent/security/code-scanning/34

General fix: avoid logging any data derived from secret detection logic. For this function, the safest non-functional-change approach is to remove the info log that emits secret_skip_count (and avoid substituting with another derived value).

Best single fix in teaagent/subagents/_isolation.py:

  • In _copy_workspace_snapshot, delete the if secret_skip_count > 0: block that logs the count.
  • Keep secret_skip_count increments unchanged so file-copy behavior remains exactly the same.
  • No new imports, methods, or dependencies are required.

This addresses all three variants because the only vulnerable sink for this tainted value is the info log call at lines 147–150.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…ensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@johnteee johnteee marked this pull request as ready for review June 5, 2026 15:26
@johnteee johnteee merged commit 655fea1 into main Jun 5, 2026
13 of 16 checks passed
@johnteee johnteee deleted the alert-autofix-34 branch June 5, 2026 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant