Skip to content

feat: add page-aware masking for storage key flows#73

Merged
jamesmontemagno merged 7 commits intomainfrom
feat/issue-20-page-aware-masking
Mar 26, 2026
Merged

feat: add page-aware masking for storage key flows#73
jamesmontemagno merged 7 commits intomainfrom
feat/issue-20-page-aware-masking

Conversation

@jamesmontemagno
Copy link
Member

@jamesmontemagno jamesmontemagno commented Mar 25, 2026
edited
Loading

Summary

  • add page-aware masking for Azure Storage access key and SAS-style pages
  • reuse the existing secrets toggle and run page-aware masking after regex scans, mutation rescans, and trusted interactions
  • tighten title-state handling and label matching safeguards to avoid false positives and preserve masked tooltip state
  • extend the same page-rule pattern to Azure AI Studio key reveal flows and broader Azure Storage SAS/generate flows
  • add focused tests for page-rule URL activation and label-matching helpers

Validation

  • node --check background.js
  • node --check cloak.js
  • node --check common.js
  • node --check popup.js
  • node --test tests/ipaddresses.test.mjs tests/pageSpecificRules.test.mjs
  • manual validation completed for Azure Storage Show key reveal flows

Notes

Closes #20.
Closes #42.
Refs #45.

jamesmontemagno and others added 5 commits March 25, 2026 11:38
@jamesmontemagno
feat: add page-aware masking for storage key flows
54f5b36 
Add a first page-specific masking rule for Azure Storage access key and SAS pages, reuse the existing secrets toggle, and trigger targeted rescans after trusted interactions so reveal flows get re-masked. Also add focused tests for page rule activation helpers.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@jamesmontemagno
fix: tighten page-rule masking safeguards
06ce147 
Protect original title backups during page-rule masking, keep globally matched titles masked during page-rule unmask, and tighten context label matching to avoid substring false positives. Also add focused coverage for page-rule label matching.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@jamesmontemagno
Merge branch 'main' into feat/issue-20-page-aware-masking
21d1e9f
@jamesmontemagno
fix: catch storage key show flows
3ed416a 
Broaden the Azure Storage page rule so long value elements near show/copy controls are treated as sensitive on access key and SAS pages, covering reveal-on-click flows that do not preserve direct label associations.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@jamesmontemagno
fix: widen storage key field discovery
e36ca73 
Broaden Azure Storage page-rule discovery so key fields can be matched through nested labels, nearby show/copy actions in ancestor containers, and longer async reveal windows.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@jamesmontemagno
feat: add page-rule coverage for AI Studio keys
cdec8bc 
Generalize the context-aware page-rule runner so multiple rules can reuse the same matching pattern, extend the Azure Storage rule for SAS generate flows, and add an Azure AI Studio key rule for issue #42.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Mar 26, 2026
Merged
Open
Closed
@jamesmontemagno
Merge pull request #74 from microsoft/feat/issue-42-45-page-rules
0a99c38 
feat: extend page-rule masking to AI Studio and SAS flows
@jamesmontemagno jamesmontemagno merged commit 509ed89 into main Mar 26, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timheuer timheuer timheuer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

not masking key value in Azure AI Studio Target specific content by matching portal URL in addition to page-level regex

2 participants

@jamesmontemagno @timheuer