Skip to content

fix: fix deep sensitive redaction#43

Open
ccharly wants to merge 2 commits into
mainfrom
cc/fix/fix-deep-sensitive
Open

fix: fix deep sensitive redaction#43
ccharly wants to merge 2 commits into
mainfrom
cc/fix/fix-deep-sensitive

Conversation

@ccharly

@ccharly ccharly commented Jul 15, 2026

Copy link
Copy Markdown

Ancestor branches were still able to keep a reference to the original data that was not redacted, resulting in potentially leaking the sensitive data using custom failure reporting.


Note

Medium Risk
Changes security-sensitive failure redaction logic; behavior is narrower and safer but must stay correct for all branch shapes (objects vs arrays).

Overview
Fixes a leak where validation failures on sibling fields of sensitive()-wrapped objects could still expose secrets in failure.branch on outer branch entries.

withRedactedBranch no longer only shallow-copies the immediate parent at the matching branch index. After redacting that parent, it walks up the branch and, for each ancestor object or array, finds the property/entry that still points at the original child (via ===) and swaps in the already-sanitized child from the patched branch.

New validation fixtures cover one-level and three-level nesting so root and intermediate ancestors show *** for sensitive keys when a nested sibling field fails.

Reviewed by Cursor Bugbot for commit 5e9e9de. Bugbot is set up for automated code reviews on this repo. Configure here.

@ccharly ccharly requested a review from a team as a code owner July 15, 2026 20:07
@ccharly ccharly force-pushed the cc/fix/fix-deep-sensitive branch from d780b98 to 8d3c281 Compare July 15, 2026 20:08
@ccharly ccharly force-pushed the cc/fix/fix-deep-sensitive branch from 8d3c281 to 94370f0 Compare July 15, 2026 20:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant