sneak/secret
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
985d79d3c0
secret/internal
History
sneak 985d79d3c0 fix: resolve critical security vulnerabilities in debug logging and command execution 
- Remove sensitive data from debug logs (vault/secrets.go, secret/version.go)
- Add input validation for GPG key IDs and keychain item names
- Resolve GPG key IDs to full fingerprints before storing in metadata
- Add comprehensive test coverage for validation functions
- Add golangci-lint configuration with additional linters

Security improvements:
- Debug logs no longer expose decrypted secret values or private keys
- GPG and keychain commands now validate input to prevent injection attacks
- All validation uses precompiled regex patterns for performance
2025-06-20 07:50:26 -07:00
..
cli passes tests now! 2025-06-20 07:24:48 -07:00
secret fix: resolve critical security vulnerabilities in debug logging and command execution 2025-06-20 07:50:26 -07:00
vault passes tests now! 2025-06-20 07:24:48 -07:00