From 0e31e0953458cf8fa772ff70313628d21604258d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 20:38:28 +0000
Subject: [PATCH 1/2] Initial plan
From 8c49fecb4eef78525aba5e77cf8a5cf89720c9bf Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 20:49:57 +0000
Subject: [PATCH 2/2] Fix secret redaction test to use full redaction format The test was expecting partial redaction (abc***) but the correct security behavior is full redaction (***REDACTED***) to prevent information disclosure (CWE-200). Updated test to match the secure implementation.
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 actions/setup/js/redact_secrets.test.cjs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/actions/setup/js/redact_secrets.test.cjs b/actions/setup/js/redact_secrets.test.cjs
index 09d0905dc35..dcbcf2ad687 100644
--- a/actions/setup/js/redact_secrets.test.cjs
+++ b/actions/setup/js/redact_secrets.test.cjs
@@ -106,7 +106,7 @@ describe("redact_secrets.cjs", () => {
 const secretValue = "abc123";
 (fs.writeFileSync(testFile, `Secret: ${secretValue} test`), (process.env.GH_AW_SECRET_NAMES = "SIX_CHAR_SECRET"), (process.env.SECRET_SIX_CHAR_SECRET = secretValue));
 const modifiedScript = redactScript.replace('findFiles("/tmp/gh-aw", targetExtensions)', `findFiles("${tempDir.replace(/\\/g, "\\\\")}", targetExtensions)`);
- (await eval(`(async () => { ${modifiedScript}; await main(); })()`), expect(fs.readFileSync(testFile, "utf8")).toBe("Secret: abc*** test"));
+ (await eval(`(async () => { ${modifiedScript}; await main(); })()`), expect(fs.readFileSync(testFile, "utf8")).toBe("Secret: ***REDACTED*** test"));
 }),
 it("should handle multiple secrets in same file", async () => {
 const testFile = path.join(tempDir, "test.txt"),
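Review bot: The new expectation on the changed `expect(...).toBe("Secret: ***REDACTED*** test")` line has no in-code explanation of why no prefix of the secret is kept, so a later edit could reintroduce the old `abc***` form, which left three of the six characters of `abc123` in the file. I would add a comment directly above the assertion, for example `// Full redaction only: keeping any prefix of the secret discloses part of it (CWE-200).` The enclosing `it(...)` begins above the hunk, so its title is not visible here; if it still describes partial masking of short secrets, it should be renamed to match the new behaviour.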