harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

Merge pull request #882 from agorevski/fix/hardcoded-crypto-test-values-v2

Browse source 
fix(security): replace hard-coded crypto test values with runtime-generate secrets
This commit is contained in:
Alex Gorevski 2026-02-18 21:11:23 -08:00 committed by GitHub
commit bbbcd06cca
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 63 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/channels/irc.rs
View file

@ -455,6 +455,7 @@ impl Channel for IrcChannel {
"AUTHENTICATE" => {
// Server sends "AUTHENTICATE +" to request credentials
if sasl_pending && msg.params.first().is_some_and(|p| p == "+") {
// sasl_password is loaded from runtime config, not hard-coded
if let Some(password) = self.sasl_password.as_deref() {
let encoded = encode_sasl_plain(&current_nick, password);
let mut guard = self.writer.lock().await;