binarywang · vasiliy-mikhailov · Jun 24, 2026 · chatgpt-codex-connector · Jun 24, 2026 · augmentcode
diff --git a/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/DataUtils.java b/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/DataUtils.java
@@ -18,7 +18,7 @@ public class DataUtils {
   public static <E> E handleDataWithSecret(E data) {
     E dataForLog = data;
     if(data instanceof String && StringUtils.contains((String)data, "&secret=")){
-      dataForLog = (E) RegExUtils.replaceAll((String)data,"&secret=\\w+&","&secret=******&");
+      dataForLog = (E) RegExUtils.replaceAll((String)data,"&secret=\\w+","&secret=******");
     }
     return dataForLog;
   }

diff --git a/weixin-java-common/src/test/java/me/chanjar/weixin/common/util/DataUtilsTest.java b/weixin-java-common/src/test/java/me/chanjar/weixin/common/util/DataUtilsTest.java
@@ -19,4 +19,13 @@ public void testHandleDataWithSecret() {
     final String s = DataUtils.handleDataWithSecret(data);
     assertTrue(s.contains("&secret=******&"));
   }
+
+  @Test
+  public void testHandleDataWithSecretAtEnd() {
+    // Secret is the last parameter in the query string, so there is no trailing &
+    String data = "appid=wx123&secret=abc123";
+    final String s = DataUtils.handleDataWithSecret(data);
+    assertFalse(s.contains("abc123"), "Secret at the end of the string should be masked");
+    assertTrue(s.contains("secret=******"), "Secret should be replaced with asterisks");
+  }
 }