fix(egress): randomize canary secret env name

2026-06-25 03:25:23 +00:00
parent 0a7e166b35
commit 4808ef557a
9 changed files with 129 additions and 36 deletions
@@ -593,11 +593,15 @@ class TestFragmentationResistantMatching(unittest.TestCase):

    def test_canary_prefix_detected(self):
        canary_value = "canary-fake-secret-value-xyz"
-        env = {"EGRESS_TOKEN_CANARY": canary_value}
-        result = scan_known_secrets(f"x={canary_value}", env=env)
+        env = {"CANON_ALPHA_SECRET": canary_value}
+        result = scan_known_secrets(
+            f"x={canary_value}",
+            env=env,
+            sensitive_prefixes=("CANON_ALPHA_SECRET",),
+        )
        self.assertIsNotNone(result)
        assert result is not None
-        self.assertIn("EGRESS_TOKEN_CANARY", result.reason)
+        self.assertIn("CANON_ALPHA_SECRET", result.reason)


 class TestRedactTokensBroadenedPrefixes(unittest.TestCase):