Skip to content

Validate credential whitespace before storing#267

Open
RitwijParmar wants to merge 2 commits into
agentspan-ai:mainfrom
RitwijParmar:ritwij/validate-credential-whitespace
Open

Validate credential whitespace before storing#267
RitwijParmar wants to merge 2 commits into
agentspan-ai:mainfrom
RitwijParmar:ritwij/validate-credential-whitespace

Conversation

@RitwijParmar

@RitwijParmar RitwijParmar commented May 26, 2026

Copy link
Copy Markdown

Summary

  • reject credentials with newlines, tabs, control chars, or surrounding whitespace before they reach OkHttp Authorization headers
  • apply the validation in CLI credentials set, REST create/update, and startup env seeding
  • add regression coverage for CLI validation, REST validation, and env import skipping

Fixes #260

Verification

  • Blocked locally: ./gradlew test --tests dev.agentspan.runtime.controller.CredentialControllerTest --tests dev.agentspan.runtime.credentials.CredentialEnvSeederTest could not run because this shell has no Java runtime installed.
  • Blocked locally: go test ./cmd -run 'TestCredentials(Set|List|Delete|Bind|Bindings|Bearer|NoAuth)' could not run because go is not installed on PATH.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Cryptic 'Unexpected char 0x0a in Authorization value' when credential contains whitespace

1 participant