From da4f15cddccbccf60ca1ebb19ed0532328c63750 Mon Sep 17 00:00:00 2001 From: sprmn24 Date: Thu, 14 May 2026 22:28:43 +0300 Subject: [PATCH] fix(cron): log and redact on secrets-redaction failure If redact_sensitive_text() raises or fails to import, stdout/stderr were silently left unredacted and could leak API keys or tokens into cron job delivery messages and logs. Replace bare with a warning log and replace both outputs with '[REDACTED - redaction failed]' to prevent leaks. Root cause: silent exception swallow in _run_job_script() Impact: potential secrets leak in cron job output delivery --- cron/scheduler.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cron/scheduler.py b/cron/scheduler.py index 479a489d7c1..eb43196a7dd 100644 --- a/cron/scheduler.py +++ b/cron/scheduler.py @@ -1648,8 +1648,10 @@ def _run_job_script(script_path: str) -> tuple[bool, str]: from agent.redact import redact_sensitive_text stdout = redact_sensitive_text(stdout) stderr = redact_sensitive_text(stderr) - except Exception: - pass + except Exception as e: + logger.warning("Failed to redact sensitive text from output: %s", e) + stdout = "[REDACTED - redaction failed]" + stderr = "[REDACTED - redaction failed]" if result.returncode != 0: parts = [f"Script exited with code {result.returncode}"]