diff --git a/packages/core/src/services/environmentSanitization.test.ts b/packages/core/src/services/environmentSanitization.test.ts index dcf665f88e..cdee3330b9 100644 --- a/packages/core/src/services/environmentSanitization.test.ts +++ b/packages/core/src/services/environmentSanitization.test.ts @@ -370,15 +370,16 @@ describe('getSecureSanitizationConfig', () => { ); }); - it('should filter out variables from allowed list that match NEVER_ALLOWED_NAME_PATTERNS', () => { + it('should not filter out variables from allowed list that match NEVER_ALLOWED_NAME_PATTERNS', () => { const requestedConfig = { - allowedEnvironmentVariables: ['SAFE_VAR', 'MY_SECRET_TOKEN'], + allowedEnvironmentVariables: ['SAFE_VAR', 'MY_SECRET_TOKEN', 'GH_TOKEN'], }; const config = getSecureSanitizationConfig(requestedConfig); expect(config.allowedEnvironmentVariables).toContain('SAFE_VAR'); - expect(config.allowedEnvironmentVariables).not.toContain('MY_SECRET_TOKEN'); + expect(config.allowedEnvironmentVariables).toContain('MY_SECRET_TOKEN'); + expect(config.allowedEnvironmentVariables).toContain('GH_TOKEN'); }); it('should deduplicate variables in allowed and blocked lists', () => { diff --git a/packages/core/src/services/environmentSanitization.ts b/packages/core/src/services/environmentSanitization.ts index 909a3518b1..da116d3a86 100644 --- a/packages/core/src/services/environmentSanitization.ts +++ b/packages/core/src/services/environmentSanitization.ts @@ -214,12 +214,6 @@ export function getSecureSanitizationConfig( if (NEVER_ALLOWED_ENVIRONMENT_VARIABLES.has(upperKey)) { return false; } - // Never allow variables that match sensitive name patterns - for (const pattern of NEVER_ALLOWED_NAME_PATTERNS) { - if (pattern.test(upperKey)) { - return false; - } - } return true; });