
security: redact CLI logs, bound regex matching (ReDoS), validate Chromium base URL (PER-8609/8615/8616) #2279

Open

Shivanshu-07 wants to merge 4 commits into master from security/cli-runtime-redact-redos-ssrf

fix(core): redact Percy tokens in logs (PER-8609)

3e0aae3
GitHub Advanced Security / Semgrep OSS succeeded Jun 29, 2026 in 3s

1 new alert

New alerts in code changed by this pull request

  • 1 warning

See annotations below for details.


Annotations

Check warning on line 629 in packages/core/src/utils.js


Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp Warning

RegExp() called with a p function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.