From c9d9a4fffdfa8ab23d1082361c92c8082bbd7039 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Thu, 14 May 2026 04:07:26 +0000 Subject: [PATCH] fix: correct regex replacement logic in SecretsRedactor::redactEnvVars The previous implementation of `SecretsRedactor::redactEnvVars` used two sequential `preg_replace` calls to redact secrets from environment variables. The first call incorrectly used `RCLONE_$0=` in its replacement string, which matched the entire `RCLONE_CONFIG_MYREMOTE_TOKEN=secret` and substituted it with `RCLONE_RCLONE_CONFIG_MYREMOTE_TOKEN=secret=[REDACTED]`. This mangled the environment variable key. This commit simplifies the logic to a single pass that correctly uses capture groups to preserve the variable name (`$1`) while replacing the value with `[REDACTED]`. Co-authored-by: insign <1113045+insign@users.noreply.github.com> --- src/SecretsRedactor.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/SecretsRedactor.php b/src/SecretsRedactor.php index ee2479c..a22d068 100644 --- a/src/SecretsRedactor.php +++ b/src/SecretsRedactor.php @@ -109,12 +109,9 @@ private static function redactEnvVars(string $message): string { foreach (self::SENSITIVE_KEYS as $key) { // Match RCLONE_CONFIG_*_{KEY}=value or RCLONE_{KEY}=value - $pattern = '/RCLONE_(?:CONFIG_[A-Z0-9_]+_)?' . strtoupper($key) . '[A-Z0-9_]*=([^\s]+)/i'; - $message = preg_replace($pattern, 'RCLONE_$0=' . self::REDACTED, $message) ?? $message; - // Simpler replacement for the value part - $pattern2 = '/(RCLONE_(?:CONFIG_[A-Z0-9_]+_)?' . strtoupper($key) . '[A-Z0-9_]*=)([^\s]+)/i'; - $message = preg_replace($pattern2, '$1' . self::REDACTED, $message) ?? $message; + $pattern = '/(RCLONE_(?:CONFIG_[A-Z0-9_]+_)?' . strtoupper($key) . '[A-Z0-9_]*=)([^\s]+)/i'; + $message = preg_replace($pattern, '$1' . self::REDACTED, $message) ?? $message; } return $message;