File tree Expand file tree Collapse file tree 1 file changed +15
-0
lines changed Expand file tree Collapse file tree 1 file changed +15
-0
lines changed Original file line number Diff line number Diff line change @@ -1015,6 +1015,21 @@ def _stream_url_to_cache(
10151015 if total_size_int :
10161016 total_mb = total_size_int / (1024 * 1024 )
10171017 percent = (downloaded_bytes / total_size_int ) * 100
1018+ #sanitized -- strip query params, mask secrets
1019+ def _sanitize_filename_value (filename : str ) -> str :
1020+ # Remove query params (everything after '?'), and mask common secrets if present
1021+ clean_fn = filename .split ("?" )[0 ]
1022+ # Mask api_key, service_secret if present in name
1023+ for secret_pattern in ["api_key=" , "service_secret=" ]:
1024+ if secret_pattern in clean_fn :
1025+ clean_fn = clean_fn .replace (secret_pattern , f"{ secret_pattern } )
1026+ # If there remain obvious secrets (long hex strings), replace
1027+ import re
1028+ clean_fn = re .sub (r'[A-Za-z0-9]{32,}' , '***' , clean_fn )
1029+ return clean_fn
1030+
1031+
1032+ safe_filename = _sanitize_filename_value (filename )
10181033 progress_msg = (
10191034 f"Downloading { filename } { downloaded_mb :.1f}
10201035 f"Downloading { safe_filename } { downloaded_mb :.1f}
You can’t perform that action at this time.
0 commit comments