MEDIUM info-disclosure: run_json_strict + run_void formatted error messages with full argv + full stderr.

Today argv has no secrets (env-only per RULE 0.8) but:
- Future refactor could pass --api-key inline → secret in logs
- vultr-cli stderr echoes request URLs with query params → enumeration

Fix:
- redact_args() → "bin_name <N args>" (argv hidden)
- truncate_stderr() → first 200 chars + "... (truncated)", UTF-8 safe
- Docstring: // DO NOT pass secrets as CLI args — env-only per RULE 0.8

Tests: 11/11 (was 8, +3: redaction asserts no argv in error, stderr truncation + Cyrillic UTF-8 safety)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

| Name |
|---|
| .. |
| src |
| tests |
| Cargo.toml |
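
The redaction and truncation that the commit message above describes, as an added Rust example rather than the repository's own code: the function names and output formats come from the message, while the signatures, constants and the `format_cli_error` helper are assumptions. It shows the 200-character cut being made on a char boundary instead of a byte offset, which is what keeps Cyrillic stderr from panicking the slice.

```rust
// Added illustration. Only the names redact_args / truncate_stderr and their
// output formats come from the commit message; signatures are assumptions.
const STDERR_MAX_CHARS: usize = 200;
const TRUNCATION_MARK: &str = "... (truncated)";

/// Render a command for error messages without exposing argv.
/// Secrets still belong in the environment, never in CLI args; this only
/// limits the damage if a later change puts one there.
fn redact_args(bin_name: &str, args: &[&str]) -> String {
    format!("{} <{} args>", bin_name, args.len())
}

/// Keep at most the first 200 characters of stderr.
/// The cut is made at a char boundary, so multi-byte UTF-8 is never split.
fn truncate_stderr(stderr: &str) -> String {
    match stderr.char_indices().nth(STDERR_MAX_CHARS) {
        // Byte offset of the 201st char: everything before it is 200 chars.
        Some((byte_idx, _)) => format!("{}{}", &stderr[..byte_idx], TRUNCATION_MARK),
        // 200 chars or fewer: returned unchanged.
        None => stderr.to_string(),
    }
}

/// Hypothetical helper: the message a failed CLI call would put in the log.
fn format_cli_error(bin_name: &str, args: &[&str], stderr: &str) -> String {
    format!(
        "{} failed: {}",
        redact_args(bin_name, args),
        truncate_stderr(stderr.trim())
    )
}

fn main() {
    // Constructed sample input: an inline key and a long Cyrillic stderr.
    let args = ["instance", "list", "--api-key", "CONSTRUCTED-SECRET"];
    let stderr = "ошибка: ".to_string() + &"я".repeat(300);
    let msg = format_cli_error("vultr-cli", &args, &stderr);
    assert!(!msg.contains("CONSTRUCTED-SECRET"));
    println!("{}", msg);
}
```

A byte slice such as `&stderr[..200]` would panic whenever byte 200 falls inside a two-byte Cyrillic character, which is the case the commit's added test covers.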