fix: replace literal BrowserStack access key with placeholder in SDK / yml tool output#306
Open
SavioBS629 wants to merge 1 commit into
Open
Conversation
…/ yml tool output
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does
Stops the BrowserStack SDK setup instructions and
browserstack.ymlgenerator from emitting the literalBROWSERSTACK_ACCESS_KEYinto MCP tool output. Output now contains a<your BrowserStack access key>placeholder; users substitute their key locally.
Why
Same prompt-injection exfil class as PMAA-100's Percy token leak: anything in MCP tool response text can be
recovered from LLM transcripts, shared sessions, or compromised assistant sessions. The access key is
user-supplied (lower severity than the server-fetched Percy token) but the path is identical.
Flagged during PMAA-100 security review as the "Adjacent concern" —
explicitly framed as out-of-scope for PMAA-100 with a recommendation to open a follow-up audit ticket. This
is that follow-up.
Changes
src/tools/sdk-utils/bstack/commands.ts—getSDKPrefixCommand(and its internal helpers) no longer takean
accessKeyparameter. Output uses a sharedACCESS_KEY_PLACEHOLDERconstant.src/tools/sdk-utils/bstack/configUtils.ts—generateBrowserStackYMLInstructionsemitsaccessKey: "<your BrowserStack access key>"in the renderedbrowserstack.yml.src/tools/sdk-utils/percy-bstack/handler.ts,src/tools/sdk-utils/bstack/sdkHandler.ts— callers updatedto drop the now-removed
accessKeyargument.tests/tools/sdk-utils-commands.test.ts— assertions inverted to pin the new contract: the placeholdermust appear; the access key must not.
Behavioural change
Maven and Node.js setup commands in tool output now contain the placeholder string where the literal key used
to appear. Users substitute their key before running — matches the pattern used for the Percy token
(#288).
Out of scope (worth a separate audit if not already tracked)
Other
${accessKey}interpolation sites that this PR doesn't touch:src/tools/sdk-utils/bstack/constants.ts— 6 sitessrc/tools/appautomate-utils/appium-sdk/languages/java.ts— 2 sitessrc/tools/appautomate-utils/appium-sdk/languages/nodejs.ts— 1 siteVerification
npm run build→ lint, format, 171 tests pass, tsc clean.getSDKPrefixCommandis not imported anywhere outsidesrc/tools/sdk-utils/bstack/andsrc/tools/sdk-utils/percy-bstack/(verified viagrep -rn).