fix(auth): prevent mask_secret panic on multi-byte UTF-8 secrets#591
fix(auth): prevent mask_secret panic on multi-byte UTF-8 secrets#591
Conversation
Use char-based indexing instead of byte-offset slicing in mask_secret() to prevent panics when secrets contain multi-byte UTF-8 characters (accented letters, emoji, CJK, etc.).
jpoehnelt
added
area: auth
area: core
🦋 Changeset detectedLatest commit: 6a6a092 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical runtime panic in the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses a panic that occurred in the mask_secret function when processing multi-byte UTF-8 secrets. The fix involves changing the string manipulation from byte-offset slicing to character-based indexing, ensuring correct handling of UTF-8 characters. New test cases have been added to validate this behavior with various multi-byte UTF-8 strings. There is no feedback to provide.
googleworkspace-bot
added
cla: yes
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #591 +/- ##
=======================================
Coverage 69.01% 69.02%
=======================================
Files 42 42
Lines 19292 19298 +6
=======================================
+ Hits 13315 13321 +6
Misses 5977 5977 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
github-actions
bot
added
the
gemini: reviewed
3 participants
Summary
Fixes a runtime panic in
mask_secret()when a credential string contains multi-byte UTF-8 characters (accented letters, emoji, CJK, etc.) near the masking boundary.Root Cause
The original code used byte-level slicing (
&s[..4],&s[s.len()-4..]) on a Rust&str. Rust strings are UTF-8, where a single character can be 1–4 bytes. If byte offset 4 lands inside a multi-byte character, Rust panics withbyte index is not a char boundary.Fix
s.len()→s.chars().count()(count characters, not bytes)&s[..4]→s.chars().take(4).collect()(first 4 characters)&s[s.len()-4..]→s.chars().skip(n-4).collect()(last 4 characters)Tests
Added
mask_secret_multibyte_utf8test covering accented Latin, Greek alphabet, and short multi-byte strings. All 750 tests pass with zero regressions.Impact
exporton short stringshandle_export)Checklist
AGENTS.mdguidelinescargo fmt --allcargo clippy -- -D warningsand resolved all warnings