Skip to content

[Security] The Professor's Rule: Mask Hardcoded Secrets before AI Analysis #149

Description

@GauravKarakoti
  • Description: "Rule number one: No names, no personal questions, no personal relationships." - The Professor

In any good heist, identity protection is paramount. If the police intercept your communications, they shouldn't find anything useful. In SecureFlow, our "identities" are API keys, JWTs, and database credentials.

Currently, if a developer accidentally commits a real secret (instead of using the .env.example file), our automated PR scanner will pick it up. However, if we pass that raw diff directly to the external LLM via src/ai/flows/developer-receives-ai-security-explanations.ts, we are effectively leaking our own users' secrets to a third-party AI provider's logs. We need to intercept the payload before it leaves the vault.

  • The Plan (Proposed Solution):
    1. The Intercept: Implement a pre-processing regex filter in src/lib/armor/scanner.ts that runs before the prompt is compiled.
    2. The Redaction: Have the filter detect high-entropy strings and known secret formats (e.g., sk-ant-api..., ghp_..., eyJhbGciOi...).
    3. The Mask: Replace these identified secrets with a placeholder like [REDACTED_BY_THE_PROFESSOR] before sending the code snippet to the AI model.
    4. The Safe House: Ensure that when the finding is ultimately saved to the database via Prisma, it only stores the redacted version, guaranteeing that our own database doesn't become a goldmine for attackers.

Metadata

Metadata

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions