
Potential fix for code scanning alert no. 2: Clear-text logging of sensitive information#147

Merged
utkarsh232005 merged 1 commit into
mainfrom
alert-autofix-2
Jun 8, 2026

Conversation

@utkarsh232005

Member

Potential fix for https://github.com/KDM-cli/kdm-cli/security/code-scanning/2

To fix this safely without changing core behavior, sanitize log arguments before printing them, while still preserving captured logs for test assertions.
Best approach in .github/scripts/tests/test-inactivity-bot.cjs:

  1. Add a small local redaction helper in runScenario (or nearby) that converts each arg to string and masks common secret patterns (e.g., password, token, apiKey, secret in key=value, JSON-like, or colon-separated forms).
  2. Keep capturedLogs.push(...) unchanged so tests continue to observe raw emitted content if needed.
  3. Replace originalConsoleLog(...args) and originalConsoleError(...args) with sanitized output (single joined string), so sensitive material is not printed in clear text to terminal/CI logs.

This requires no new dependencies and only edits to the shown test file region around lines 1071–1081.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…nsitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@utkarsh232005 utkarsh232005 marked this pull request as ready for review June 8, 2026 13:46
@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Contributor

Warning

Review limit reached

@utkarsh232005, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 58 minutes and 45 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: ebff99cc-6b1c-44a4-8908-f1e65758765f

📥 Commits

Reviewing files that changed from the base of the PR and between 58b06ec and 4b1853d.

📒 Files selected for processing (1)
  • .github/scripts/tests/test-inactivity-bot.cjs

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (2)
Validation error: Invalid input: expected string, received undefined at "reviews.path_instructions[3].path"; Invalid input: expected string, received undefined at "reviews.path_instructions[3].instructions"
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

@github-actions

github-actions Bot commented Jun 8, 2026

Contributor

🤖 Hi @utkarsh232005, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

@codescene-delta-analysis codescene-delta-analysis Bot left a comment


No application code in the PR — skipped Code Health checks.

Quality Gate Profile: The Bare Minimum

@codecov

codecov Bot commented Jun 8, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.


@utkarsh232005 utkarsh232005 merged commit 642f064 into main Jun 8, 2026
22 of 24 checks passed