Skip to content

Fix ghs_ redaction pattern to support new token format #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hpsin wants to merge 4 commits into
base: main
Choose a base branch
from
+34 −4
Open

Fix ghs_ redaction pattern to support new token format #153

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
894284d
Fix ghs token redaction regex
May 25, 2026
9d91197
Fix ghs_ regex: add dash to character class [A-Za-z0-9._-]
hpsin May 26, 2026
ac21280
Bump version to 1.5.2
hagould May 26, 2026
17f270e
Add test coverage for ghs_ token edge cases
hagould May 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/patterns/default.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ module Patterns
# https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
/ghp_[A-Za-z0-9]{36,}|[0-9A-Fa-f]{40,}/,
/github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/, # Fine Grained
/ghs_[a-zA-Z0-9]{36}/, # Temporary Actions Tokens
/ghs_[A-Za-z0-9._-]{36,}/, # GitHub App installation tokens

# JWT Token
# https://en.wikipedia.org/wiki/JSON_Web_Token
Expand Down
2 changes: 1 addition & 1 deletion lib/version.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@

module RedactingLogger
module Version
VERSION = "1.5.1"
VERSION = "1.5.2"
end
end
34 changes: 32 additions & 2 deletions spec/lib/redacting_logger_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,39 @@
expected_message: "token [REDACTED]"
},
{
case: "github action pat",
case: "github app installation token",
message: "token ghs_1234567890abcdefghijklmnopqrstuvwxyz123456",
expected_message: "token [REDACTED]123456"
expected_message: "token [REDACTED]"
},
{
case: "github app installation token with dots and underscores",
message: "token ghs_Abcdef1234567890ghijklmnopqrstu.vw_xyz.1234567890",
expected_message: "token [REDACTED]"
},
{
case: "github app installation token with dashes",
message: "token ghs_Abcdef-1234567890-ghijklmnopqrstu-vwxyz",
expected_message: "token [REDACTED]"
},
{
case: "github app installation token with mixed special chars",
message: "token ghs_abc.DEF-123_ghi.JKL-456_mno.PQR-789_stu",
expected_message: "token [REDACTED]"
},
{
case: "github app installation token at minimum length (36 chars after prefix)",
message: "token ghs_abcdefghijklmnopqrstuvwxyz1234567890",
expected_message: "token [REDACTED]"
},
{
case: "github app installation token longer than 36 chars",
message: "token ghs_abcdefghijklmnopqrstuvwxyz1234567890.extra-chars_here.more",
expected_message: "token [REDACTED]"
},
{
case: "github app installation token too short to match",
message: "token ghs_tooshort",
expected_message: "token ghs_tooshort"
},
{
case: "custom token",
Expand Down
Loading