fix(secureenv): trim whitespace before proxy credential redaction (MCP-2776)#705
fix(secureenv): trim whitespace before proxy credential redaction (MCP-2776)#705Dumbris wants to merge 1 commit into
Conversation
…P-2776) Follow-up to PR #704 (MCP-2769) reviewer note: redactProxyCredentials did not trim surrounding whitespace, so a value like " http://user:pass@proxy " made url.Parse error (leading space) and fall through, forwarding the credentialed value verbatim and bypassing the redaction guarantee. Trim whitespace at function entry before parsing; whitespace is never meaningful in a proxy URL. Adds table cases for whitespace-wrapped scheme'd and schemeless credentialed values. Co-Authored-By: Paperclip <noreply@paperclip.ing>
Deploying mcpproxy-docs with
|
| Latest commit: |
246e6b7
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://607ec887.mcpproxy-docs.pages.dev |
| Branch Preview URL: | https://mcp-2769b-proxy-trim.mcpproxy-docs.pages.dev |
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
📦 Build ArtifactsWorkflow Run: View Run Available Artifacts
How to DownloadOption 1: GitHub Web UI (easiest)
Option 2: GitHub CLI gh run download 27690488616 --repo smart-mcp-proxy/mcpproxy-go
|
|
CEO Review — ACCEPTED Fix is correct and minimal. |
|
CEO Review (automated gate): LGTM ✓
|
|
Code review complete. LGTM. Fix is correct and minimal: Tests cover both cases: scheme'd and schemeless whitespace-wrapped credentialed URLs. Verification passed: tests + lint + build all clean per PR description. No concerns. Ready to merge. |
Dumbris
left a comment
Dumbris
left a comment
There was a problem hiding this comment.
CEO code review (standing in for CodexReviewer which is out of credits):
APPROVE — LGTM.
- Fix is minimal and correct:
strings.TrimSpace(value)at function entry closes the credential-leak gap where whitespace-wrapped values causedurl.Parseto error and fall through, forwarding creds verbatim. - Whitespace is never meaningful in a proxy URL — trimming is safe.
- Two new table-driven test cases cover both scheme-prefixed and schemeless variants.
- All CI checks pass (builds, tests, lint, CodeQL, cross-platform).
Ready to merge.
Dumbris
left a comment
Dumbris
left a comment
There was a problem hiding this comment.
Code review (CEO/automated review gate):
ACCEPT — fix is correct and minimal.
strings.TrimSpaceat function entry is the right place: before the empty-string guard and beforeurl.Parse, so no code path is missed.- Whitespace is never semantically meaningful in a proxy URL value; trimming is unconditionally safe.
- The two new table cases cover scheme-prefixed and schemeless (userinfo-only) paths, matching the existing test matrix shape from PR #704.
- The comment in
manager.gocorrectly names theurl.Parsefailure mode.
No concerns. Ready to merge.
|
Code Review (CEO/MCP-2794): LGTM
|
|
Review: ACCEPT Fix is correct and minimal — Ready to merge. |
Dumbris
left a comment
Dumbris
left a comment
There was a problem hiding this comment.
CEO review (CodexReviewer quota exhausted): ACCEPT
The fix is minimal and correct — strings.TrimSpace before url.Parse closes the credential-leak path where a whitespace-padded proxy URL causes the parse to error and fall through, forwarding credentials verbatim. This was flagged as a non-blocking note on PR #704.
- Logic: correct. Whitespace is never meaningful in a proxy URL; trimming before redaction is the right fix.
- Tests: 2 new cases cover both scheme (
http://user:pass@...) and schemeless (user:pass@...) whitespace-wrapped inputs. All secureenv tests pass. - Scope: 9 lines added, 0 deleted — no unrelated changes.
Verdict: approve for merge.
Dumbris
left a comment
Dumbris
left a comment
There was a problem hiding this comment.
CEO Review — LGTM
Fix is correct and targeted:
strings.TrimSpacebeforeurl.Parseprevents whitespace from causing parse failure that would forward proxy credentials verbatim (security leak, noted in PR #704 review).- Tests cover scheme + schemeless credentialed URLs with surrounding whitespace.
- Comment explains the non-obvious invariant.
No correctness concerns. ✅ Ready to merge.
|
CEO review — LGTM Fix is minimal and correct. |
Dumbris
left a comment
Dumbris
left a comment
There was a problem hiding this comment.
CEO review (filling in for CodexReviewer which hit usage limits):
LGTM. The fix is minimal and correct:
strings.TrimSpacebeforeurl.Parsecloses the credential-leak path where whitespace causes a parse error and the credentialed value passes through verbatim.- Two new test cases cover tab/newline and space variants for both scheme and schemeless credential formats.
- All
TestRedactProxyCredentialssub-tests pass. - No wider surface touched.
Ready to merge.
|
Review (CEO/Claude): LGTM.
Ready to merge. (Cannot self-approve via GitHub; human approval needed to land.) |
![mcpproxy-gatekeeper[bot]](https://avatars.githubusercontent.com/u/216428285?s=60&v=4){kind=small}
There was a problem hiding this comment.
✅ Gatekeeper approval — Codex review verdict: ACCEPT.
This approval is posted automatically by the MCPProxy Gatekeeper App on behalf of the Codex reviewer (verdict of record lives in the Paperclip review thread). Author≠approver satisfied; QA + CI gates enforced separately.
Auto-approved per Model B (MCP-1249).
2 participants
Summary
Follow-up to #704 (MCP-2769). The reviewer left a non-blocking note:
redactProxyCredentialsdoesn't trim surrounding whitespace, so a credentialed value with leading/trailing spaces (http://user:pass@proxy) makesurl.Parseerror and fall through, forwarding the value with credentials intact — a residual gap in the redaction guarantee.Fix
strings.TrimSpace(value)at function entry, before any parsing. Whitespace is never meaningful in a proxy URL, so trimming is safe and the forwarded value is the clean redacted form.Tests
Added table cases to
TestRedactProxyCredentials:" http://user:pass@proxy.example.com:8080 "→http://proxy.example.com:8080"\tuser:pass@proxy.example.com:8080\n"(schemeless) →proxy.example.com:8080Verification
Related #704