
Commit 4aca9b7

Copilotpelikhan
andcommitted
Enhance upload safety with additional secret patterns and demo
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
1 parent 2bb81c2 commit 4aca9b7


2 files changed

+24
-0
lines changed


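--- a/packages/cli/genaisrc/system.safety_upload_assets.genai.mts
+++ b/packages/cli/genaisrc/system.safety_upload_assets.genai.mts
@@ -25,6 +25,10 @@ export default function (ctx: ChatGenerationContext) {
 /ghp_[A-Za-z0-9]{36}/g, // GitHub personal access tokens
 /ghs_[A-Za-z0-9]{36}/g, // GitHub server tokens
 /gho_[A-Za-z0-9]{36}/g, // GitHub OAuth tokens
+/sk-[A-Za-z0-9]{48}/g, // OpenAI API keys
+/AKIA[0-9A-Z]{16}/g, // AWS Access Key IDs
+/xox[baprs]-[0-9a-zA-Z]{10,48}/g, // Slack tokens
+/AIza[0-9A-Za-z\\-_]{35}/g, // Google API keys
 ]
 
 for (const pattern of secretPatterns) {
@@ -81,6 +85,9 @@ export default function (ctx: ChatGenerationContext) {
 /ghs_[A-Za-z0-9]{36}/g,
 /gho_[A-Za-z0-9]{36}/g,
 /sk-[A-Za-z0-9]{48}/g, // OpenAI API keys
+/AKIA[0-9A-Z]{16}/g, // AWS Access Key IDs
+/xox[baprs]-[0-9a-zA-Z]{10,48}/g, // Slack tokens
+/AIza[0-9A-Za-z\\-_]{35}/g, // Google API keys
 ]
 return secretPatterns.some(pattern => pattern.test(text))
 }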
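Review bot: The Google API key pattern added at new lines 31 and 90, `/AIza[0-9A-Za-z\\-_]{35}/g`, does not match a hyphen as shown: in a regex literal `\\` is a literal backslash, so `\\-_` is read as the range from `\` to `_` and `-` falls outside the class. A key containing `-` would therefore slip past both lists; `/AIza[0-9A-Za-z_-]{35}/g` expresses the intended class. The same patterns are pasted into two separate arrays, and the first hunk shows they had already drifted apart on `sk-`, so a single module-level `secretPatterns` constant shared by both call sites would prevent that from happening again. Both arrays and the enclosing function start outside the hunks, so how the first loop uses a match is not visible here.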
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
// Example demonstrating the upload asset safety system
2+
3+
script({
4+
title: "Demo: Upload Asset Safety",
5+
system: ["system.safety_upload_assets"],
6+
})
7+
8+
// This example shows how the safety system protects upload operations
9+
10+
// 1. Safe upload (will add warning but allow operation)
11+
$`Create code that uploads a simple text file using github.uploadAsset`
12+
13+
// 2. Unsafe upload with API key (will be blocked)
14+
$`Create code that uploads a file containing an API key like "sk-1234567890abcdef" using github.uploadAsset`
15+
16+
// 3. Upload with proper validation
17+
$`Create code that validates file content for secrets before uploading with github.uploadAsset`
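Review bot: The sample key in case 2 (new line 14), `sk-1234567890abcdef`, has only 16 characters after `sk-`, so it does not match the `/sk-[A-Za-z0-9]{48}/g` pattern in system.safety_upload_assets. If blocking depends on those patterns, the comment `(will be blocked)` describes behaviour this demo never exercises; any other mechanism in the system script is not visible from this page. Either use a clearly fake value of the full matching length, or reword the comment to something like `// 2. Upload mentioning an API key (short sample; does not match the sk- pattern)`. A demo that claims a block it does not trigger gives readers false confidence in the detector's coverage.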
