Fixed: Issue report generation now redacts remoteConfigurations connection strings and keeps only the scheme (e.g. sls+https://), so credentials are not exposed in reports.

Co-authored-by: Copilot <copilot@github.com>
2026-04-25 18:38:35 +00:00 · 2026-04-25 17:09:43 +09:00
parent 1ef2955d00
commit b5d054f259
3 changed files with 19 additions and 1 deletions
--- a/src/lib
+++ b/src/lib
--- a/src/modules/features/SettingDialogue/PaneHatch.ts
+++ b/src/modules/features/SettingDialogue/PaneHatch.ts
@@ -137,6 +137,23 @@ export function paneHatch(this: ObsidianLiveSyncSettingTab, paneEl: HTMLElement,
                    pluginConfig.accessKey = REDACTED;
                    pluginConfig.secretKey = REDACTED;
                    const redact = (source: string) => `${REDACTED}(${source.length} letters)`;
+                    const toSchemeOnly = (uri: string) => {
+                        try {
+                            return `${new URL(uri).protocol}//`;
+                        } catch {
+                            const matched = uri.match(/^[A-Za-z][A-Za-z0-9+.-]*:\/\//);
+                            return matched?.[0] ?? REDACTED;
+                        }
+                    };
+                    pluginConfig.remoteConfigurations = Object.fromEntries(
+                        Object.entries(pluginConfig.remoteConfigurations || {}).map(([id, config]) => [
+                            id,
+                            {
+                                ...config,
+                                uri: toSchemeOnly(config.uri),
+                            },
+                        ])
+                    );
                    pluginConfig.region = redact(pluginConfig.region);
                    pluginConfig.bucket = redact(pluginConfig.bucket);
                    pluginConfig.pluginSyncExtendedSetting = {};
--- a/updates.md
+++ b/updates.md
@@ -11,6 +11,7 @@ The head note of 0.25 is now in [updates_old.md](https://github.com/vrtmrz/obsid
 - Fixed a worker-side recursion issue that could raise `Maximum call stack size exceeded` during chunk splitting (related: #855).
 - Improved background worker crash cleanup so pending split/encryption tasks are released cleanly instead of being left in a waiting state (related: #855).
 - On start-up, the selected remote configuration is now applied to runtime connection fields as well, reducing intermittent authentication failures caused by stale runtime settings (related: #855).
+- Issue report generation now redacts `remoteConfigurations` connection strings and keeps only the scheme (e.g. `sls+https://`), so credentials are not exposed in reports.

 ## 0.25.57