Fix mask_secret panic on multi-byte UTF-8 secrets#575
Fix mask_secret panic on multi-byte UTF-8 secrets#575alysajad wants to merge 2 commits intogoogleworkspace:mainfrom
mask_secret panic on multi-byte UTF-8 secrets#575Conversation
|
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical runtime panic in the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses a potential panic in the mask_secret function when handling secrets with multi-byte UTF-8 characters. The fix correctly replaces byte-level string slicing with character-based iteration, which prevents panics on invalid character boundaries. The included tests for multi-byte strings effectively verify the fix and protect against future regressions. The changes are self-contained and address the described issue.
googleworkspace-bot
added
area: discovery
area: core
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly fixes a panic in mask_secret for multi-byte UTF-8 strings and introduces other security enhancements like atomic file writes and symlink protection. My review includes two key suggestions: one to improve the performance of the new secret masking logic, and a critical fix to prevent blocking I/O in an async function, which could otherwise lead to performance issues.
3 participants
Summary
Fixes a runtime panic in
mask_secret()when a credential string contains multi-byte UTF-8 characters (accented letters, emoji, CJK, etc.) near the masking boundary. Discovered during a security audit (finding M-02).Root Cause
The original code used byte-level slicing (
&s[..4],&s[s.len()-4..]) on Rust&str. Rust strings are UTF-8, where a single character can be 1-4 bytes. If byte offset 4 lands inside a multi-byte character, Rust panics.Fix
3-line change in the function body:
s.len()->s.chars().count()(count characters, not bytes)&s[..4]->s.chars().take(4).collect()(first 4 characters)&s[s.len()-4..]->s.chars().skip(n-4).collect()(last 4 characters)Tests
Added
mask_secret_multibyte_utf8test covering accented Latin, Greek alphabet, and short multi-byte strings. All 64 tests inauth_commandspass with zero regressions.Impact
exporton short stringshandle_export)