fix(sponge): guard set -q value[1] before string length to handle unset vars

This commit is contained in:
2026-06-08 22:26:00 -04:00
parent 1637dc3122
commit 8911146d3f
2 changed files with 8 additions and 4 deletions
+4 -3
View File
@@ -89,10 +89,11 @@ function __sponge_register_secret_values --on-event fish_prompt
'(?i)(?:TOKEN|PASSWORD|PASSWD|SECRET|API[_-]KEY|PRIVATE[_-]KEY|ACCESS[_-]KEY|AUTH[_-]KEY|CREDENTIAL|KOPIA_PASSWORD)')
for var in $sensitive_vars
# Take only the first element — array vars yield multiple values which
# would make `test (string length ...)` receive too many arguments.
# Take only the first element — array vars yield multiple values.
set -l value $$var[1]
# Skip empty, short, or path-like values
# If the var is unset or holds an empty list, value has no elements;
# set -q catches that before string length receives zero arguments.
set -q value[1]; or continue
test (string length -- $value) -gt 8; or continue
string match --quiet --regex '^[/~]' -- $value; and continue
set -a secret_values (string escape --style=regex -- $value)
+4 -1
View File
@@ -37,8 +37,11 @@ function sponge_filter_secrets --argument-names command
for var in $sensitive_vars
# Take only the first element — array vars yield multiple values
set -l value $$var[1]
# Guard before string length: if var is unset, value is an empty list
# and string length receives zero arguments, breaking test.
set -q value[1]; or continue
# Skip empty, short, or path-like values — not real credentials
# Skip short or path-like values — not real credentials
test (string length -- $value) -gt 8; or continue
string match --quiet --regex '^[/~]' -- $value; and continue