
fix(security): sanitize log values (CWE-117) and remove committed node_modules#548

Merged
JerrettDavis merged 3 commits into main from fix/log-forging-and-node-modules on Jun 23, 2026

Conversation

@JerrettDavis

Owner

Summary

Test plan

  • CodeQL scan on this branch passes with 0 cs/log-forging findings
  • CI build (dotnet build --configuration Release) succeeds
  • Integration tests stay green
  • Verify node_modules is absent from repo root after merge
  • Re-query open code-scanning security alerts → target 0

🤖 Generated with Claude Code

…nd remove committed node_modules

- Add SanitizeLogValue helper in OpenClawAgentRegistrar that strips CR/LF
  before values are passed to ILogger (addresses 4 cs/log-forging CodeQL alerts
  on alerts #9, #10, #11, #12)
- Apply sanitization to all four affected LogInformation/LogError/LogDebug
  call-sites logging agent.Id and agent.Name
- Remove 588 committed node_modules files (playwright + playwright-core) from
  version control via git rm --cached; add node_modules/ to .gitignore so
  it cannot be re-committed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
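The helper the commit message describes, reconstructed here as an added C# example that is not the PR's own code: it strips CR/LF before a value reaches ILogger and, going slightly beyond the PR, replaces any other C0 control character so it cannot disturb the line either. The Agent type, the LogSanitizer class and the Microsoft.Extensions.Logging.Console package are assumptions; the agent name with an embedded CRLF is a constructed sample.

```csharp
using System;
using System.Text;
using Microsoft.Extensions.Logging;

// Hypothetical stand-in for the SanitizeLogValue helper named in the PR.
// Removing CR/LF means a caller-controlled value can no longer start a new,
// fake entry in the log (CWE-117, "log forging").
public static class LogSanitizer
{
    public static string SanitizeLogValue(string? value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        var sb = new StringBuilder(value.Length);
        foreach (var ch in value)
        {
            if (ch == '\r' || ch == '\n') continue;      // drop line breaks outright
            sb.Append(ch < ' ' && ch != '\t' ? '?' : ch); // neutralize other C0 controls
        }
        return sb.ToString();
    }
}

// Minimal assumed shape of the registered agent (only the two logged fields).
public sealed class Agent
{
    public string Id { get; init; } = "";
    public string Name { get; init; } = "";
}

public static class Demo
{
    public static void Main()
    {
        using var factory = LoggerFactory.Create(b => b.AddSimpleConsole());
        var logger = factory.CreateLogger("OpenClawAgentRegistrar");

        // Constructed sample: a name that embeds CRLF followed by text shaped
        // like a second, legitimate-looking registration entry.
        var agent = new Agent { Id = "agent-01", Name = "builder\r\ninfo: Registered agent agent-99 (admin)" };

        // Unsanitized: the embedded line break lets the value forge a log line.
        logger.LogInformation("Registered agent {Id} ({Name})", agent.Id, agent.Name);

        // Sanitized: the same value stays on one line, as the PR's call-sites now do.
        logger.LogInformation("Registered agent {Id} ({Name})",
            LogSanitizer.SanitizeLogValue(agent.Id),
            LogSanitizer.SanitizeLogValue(agent.Name));
    }
}
```

Run it once and compare the two console entries: the first spans two lines, the second is a single line with the CRLF removed.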
@github-actions

github-actions Bot commented Jun 23, 2026

Contributor

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions

github-actions Bot commented Jun 23, 2026

Contributor

Test Results

7 641 tests: 7 622 passed ✅, 19 skipped 💤, 0 failed ❌ (7 suites, 7 files, 2m 26s ⏱️)

Results for commit 20bed0a.


JerrettDavis and others added 2 commits June 22, 2026 21:10
…trar

The SanitizeLogValue helper insertion consumed the class-level closing brace
via regex. Re-insert the `    }` that closes OpenClawAgentRegistrar before
the new helper method.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Satisfies FINALNEWLINE editorconfig rule (end_of_line = crlf, insert_final_newline = true).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions

Contributor

Code Coverage

Summary
  Generated on: 06/23/2026 - 02:31:36
  Coverage date: 06/23/2026 - 02:29:32 - 06/23/2026 - 02:31:27
  Parser: MultiReport (7x Cobertura)
  Assemblies: 23
  Classes: 1067
  Files: 591
  Line coverage: 74.6%
  Covered lines: 36835
  Uncovered lines: 12479
  Coverable lines: 49314
  Total lines: 97285
  Branch coverage: 61.8% (13929 of 22512)
  Covered branches: 13929
  Total branches: 22512
  Method coverage: 86.4% (6319 of 7308)
  Full method coverage: 74.2% (5427 of 7308)
  Covered methods: 6319
  Fully covered methods: 5427
  Total methods: 7308

@JerrettDavis JerrettDavis added the coverage-override Bypass coverage gate check label Jun 23, 2026
@JerrettDavis JerrettDavis merged commit 51b710c into main Jun 23, 2026
15 of 16 checks passed
@JerrettDavis JerrettDavis deleted the fix/log-forging-and-node-modules branch June 23, 2026 02:44