[Security] One-shot token logs partial token values (first 4 chars) to stderr #758
Closed
Description
Summary
The one-shot-token LD_PRELOAD library logs the first 4 characters of sensitive tokens to stderr when they are first accessed. In CI environments where stderr is captured in logs, this leaks partial secret values.
Location
containers/agent/one-shot-token/one-shot-token.c, lines 213-234 (format_token_value()) and lines 282-283, 346-347:
```c
static const char *format_token_value(const char *value) {
    static char formatted[8];
    // ...
    snprintf(formatted, sizeof(formatted), "%.4s...", value); // Shows first 4 chars
    return formatted;
}

// Called on every first token access:
fprintf(stderr, "[one-shot-token] Token %s accessed and cached (value: %s)\n",
        name, format_token_value(token_cache[token_idx]));
```
Example output in CI logs:
```
[one-shot-token] Token GITHUB_TOKEN accessed and cached (value: ghp_...)
[one-shot-token] Token ANTHROPIC_API_KEY accessed and cached (value: sk-a...)
```
Risk
- GitHub tokens start with `ghp_`, `gho_`, `ghs_`; the 4-char prefix already reveals the token type
- Combined with the token name, this narrows the search space for brute-force attacks
- CI logs are often accessible to a broader audience than the secrets themselves
- GitHub Actions step summaries and workflow logs persist for 90 days
Proposed Fix
Replace format_token_value() with a fixed-string indicator that doesn't reveal any characters:
```c
fprintf(stderr, "[one-shot-token] Token %s accessed and cached (length: %zu)\n",
        name, strlen(token_cache[token_idx]));
```
Or simply remove the value from the log entirely:
```c
fprintf(stderr, "[one-shot-token] Token %s accessed and cached\n", name);
```
Added By
PR #640 (feat: add skip-unset mode to one-shot token library). The Security Guard review flagged this concern.
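As an added illustration (not code from the one-shot-token library or from this issue), the following C program places the leaky formatter next to a redacting one and adds a small self-check that a defender can run in a unit test: it builds the log line both ways and asserts that the hardened line contains no prefix of the secret. The token value `ghp_EXAMPLE0000` is a constructed sample, and the function names `format_token_value_leaky`, `format_token_value_safe`, `build_log_line` and `log_leaks_prefix` are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Leaky formatter, as described in the issue: exposes the first 4 characters.
 * 4 chars + "..." + NUL fits exactly in the 8-byte buffer. */
static const char *format_token_value_leaky(const char *value) {
    static char formatted[8];
    if (value == NULL || value[0] == '\0') return "<empty>";
    snprintf(formatted, sizeof(formatted), "%.4s...", value);
    return formatted;
}

/* Hardened formatter: reports only the length, never any token content. */
static const char *format_token_value_safe(const char *value) {
    static char formatted[32];
    if (value == NULL) return "<unset>";
    snprintf(formatted, sizeof(formatted), "<redacted, length %zu>", strlen(value));
    return formatted;
}

/* Build the "accessed and cached" log line into `out`, using either formatter.
 * Returns the number of characters snprintf would have written. */
static int build_log_line(char *out, size_t outsz, const char *name,
                          const char *value, int use_safe) {
    const char *shown = use_safe ? format_token_value_safe(value)
                                 : format_token_value_leaky(value);
    return snprintf(out, outsz,
                    "[one-shot-token] Token %s accessed and cached (value: %s)\n",
                    name, shown);
}

/* Detection check for a test suite: does the log line contain the first
 * `min_len` characters of the secret? Returns 1 if it does (a leak), else 0. */
static int log_leaks_prefix(const char *log_line, const char *secret, size_t min_len) {
    char prefix[64];
    if (min_len == 0 || min_len >= sizeof(prefix) || strlen(secret) < min_len)
        return 0;
    memcpy(prefix, secret, min_len);
    prefix[min_len] = '\0';
    return strstr(log_line, prefix) != NULL;
}

int main(void) {
    /* Constructed sample token; not a real credential. */
    const char *secret = "ghp_EXAMPLE0000";
    char line[256];

    build_log_line(line, sizeof(line), "GITHUB_TOKEN", secret, 0);
    printf("leaky: %s  -> leaks prefix: %d\n", line, log_leaks_prefix(line, secret, 4));

    build_log_line(line, sizeof(line), "GITHUB_TOKEN", secret, 1);
    printf("safe:  %s  -> leaks prefix: %d\n", line, log_leaks_prefix(line, secret, 4));
    return 0;
}
```

The `log_leaks_prefix` check is the part worth keeping in CI: run it over whatever the library writes to stderr during a test, with the known test secret, so that a future change cannot reintroduce the partial-value output unnoticed.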