test: add minimal comparative evaluation packet #343
a4128e4 to 1100ebf
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1100ebf120
| return True | ||
| if kind == "lark_token" and re.search(r"\b(?:oc|ou|on|om)_x+\b", line): | ||
| return True | ||
| if kind == "lark_token" and re.search(r"\bsha256\b", line, re.IGNORECASE): |
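Review bot: the placeholder exemption `re.search(r"\b(?:oc|ou|on|om)_x+\b", line)` is evaluated against the whole `line`, so a placeholder such as `oc_xxxx` anywhere on the line returns True for every lark_token finding on that line, the same line-wide scope as the `sha256` check below it. Suggest matching the exemption against the flagged candidate string itself (a full match on the candidate rather than a search over the line) and adding a test line that holds both a placeholder and a real-shaped token.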
Keep sha256 allowlist from masking real tokens
When a real Lark-style token appears on any line that also contains sha256, this line-level allowlist suppresses every lark_token finding for that line. I checked the scanner path with check_public_safety.py --path on a temporary YAML line containing both a digest and cli_..., and the scan passed, so release/public safety checks can miss a leaked chat/file token placed next to a hash. Please restrict the exception to the hash candidate itself or to well-formed sha256 fields instead of allowing the entire line.
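The masking behaviour the review comment describes, as an added example that is not part of the PR or the project's code: a line-level exemption next to one scoped to the flagged candidate. Only the two exemption regexes come from the hunk; the candidate pattern, the sha256 field pattern, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed candidate shapes (not the project's real rule): prefixed IDs such as
# cli_..., plus bare long hex strings, which is why a digest can get flagged.
CANDIDATE = re.compile(r"\b(?:cli|oc|ou|on|om)_[0-9A-Za-z]{4,}\b|\b[0-9a-f]{32,}\b")
PLACEHOLDER = re.compile(r"(?:oc|ou|on|om)_x+")  # placeholder shape from the hunk
# Assumed form of a "well-formed sha256 field": key, separator, 64 hex chars.
SHA256_FIELD = re.compile(r"\bsha256\b\s*[:=]\s*[\"']?([0-9a-f]{64})\b", re.IGNORECASE)


def line_level_findings(line):
    """Behaviour described in the review: one hit anywhere exempts the whole line."""
    if re.search(r"\b(?:oc|ou|on|om)_x+\b", line):
        return []
    if re.search(r"\bsha256\b", line, re.IGNORECASE):
        return []
    return [m.group(0) for m in CANDIDATE.finditer(line)]


def candidate_level_findings(line):
    """Exempt a candidate only if it is itself a placeholder or a sha256 field value."""
    digest_spans = [m.span(1) for m in SHA256_FIELD.finditer(line)]
    findings = []
    for m in CANDIDATE.finditer(line):
        if PLACEHOLDER.fullmatch(m.group(0)):
            continue  # the candidate is the placeholder itself
        if m.span() in digest_spans:
            continue  # the candidate is exactly the digest of a sha256 field
        findings.append(m.group(0))
    return findings


# Constructed sample lines; the token and digest values are made up.
DIGEST = "ab" * 32
SAMPLES = [
    f"artifact: {{sha256: {DIGEST}, app_id: cli_a1b2c3d4e5f60718}}",
    "chat_id: oc_xxxxxxxx, owner: ou_9f8e7d6c5b4a3921",
    f"sha256: {DIGEST}",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(line_level_findings(sample), candidate_level_findings(sample))
```

The third sample shows that the scoped version still suppresses the digest-only line, so narrowing the exemption does not bring the false positive back.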