fix(egress): strip Authorization before DLP scan; remove auth_header param from scan_outbound
test / unit (pull_request) Successful in 32s
test / integration (pull_request) Successful in 46s
lint / lint (push) Successful in 1m27s
test / unit (push) Successful in 35s
test / integration (push) Successful in 42s
Update Quality Badges / update-badges (push) Successful in 1m20s
test / unit (pull_request) Successful in 32s
test / integration (pull_request) Successful in 46s
lint / lint (push) Successful in 1m27s
test / unit (push) Successful in 35s
test / integration (push) Successful in 42s
Update Quality Badges / update-badges (push) Successful in 1m20s
This commit was merged in pull request #212.
This commit is contained in:
@@ -30,6 +30,7 @@ from bot_bottle.egress_addon_core import (
|
||||
match_route,
|
||||
parse_config,
|
||||
parse_routes,
|
||||
scan_outbound,
|
||||
)
|
||||
|
||||
|
||||
@@ -599,6 +600,22 @@ class TestDecisionDefaults(unittest.TestCase):
|
||||
self.assertIsNone(d.inject_authorization)
|
||||
|
||||
|
||||
# --- scan_outbound -------------------------------------------------------
|
||||
|
||||
|
||||
class TestScanOutbound(unittest.TestCase):
|
||||
def test_body_token_patterns_still_block(self):
|
||||
result = scan_outbound(
|
||||
Route(host="chatgpt.com"),
|
||||
"leak sk-" + "A" * 48,
|
||||
{},
|
||||
)
|
||||
self.assertIsNotNone(result)
|
||||
assert result is not None
|
||||
self.assertEqual("body", result.location)
|
||||
self.assertIn("OpenAI API key", result.reason)
|
||||
|
||||
|
||||
# --- is_git_push_request ------------------------------------------------
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user