From 0ad6beb27ba95476535182890ae2783db7be164b Mon Sep 17 00:00:00 2001 From: James Chao Date: Tue, 14 Jul 2026 00:20:11 -0700 Subject: [PATCH 1/7] Revert "Potential fix for pull request finding 'CodeQL / Clear-text logging of sensitive information'" This reverts commit e98851e1b577d5432755aab4ed500d6678f590fc. --- common/log_fields.go | 69 ++++++++++---------------------------------- 1 file changed, 15 insertions(+), 54 deletions(-) diff --git a/common/log_fields.go b/common/log_fields.go index 4cb96ba..da4d6ba 100644 --- a/common/log_fields.go +++ b/common/log_fields.go @@ -20,7 +20,6 @@ package common import ( "maps" "slices" - "strings" log "github.com/sirupsen/logrus" ) @@ -46,70 +45,32 @@ var ( } ) -func isSensitiveLogKey(k string) bool { - key := strings.ToLower(k) - return strings.Contains(key, "passphrase") || - strings.Contains(key, "password") || - strings.Contains(key, "passwd") || - strings.Contains(key, "token") || - strings.Contains(key, "authorization") || - strings.Contains(key, "cookie") || - strings.Contains(key, "secret") || - strings.Contains(key, "apikey") || - strings.Contains(key, "api_key") -} - -func sanitizeLogValue(k string, v interface{}) interface{} { - if isSensitiveLogKey(k) { - return "****" - } - - switch ty := v.(type) { - case map[string]string: - redacted := map[string]string{} - for mk, mv := range ty { - if isSensitiveLogKey(mk) || k == "header" { - redacted[mk] = "****" - } else { - redacted[mk] = mv - } - } - return redacted - case map[string]interface{}: - redacted := map[string]interface{}{} - for mk, mv := range ty { - redacted[mk] = sanitizeLogValue(mk, mv) - } - return redacted - case []interface{}: - redacted := make([]interface{}, len(ty)) - for i, iv := range ty { - redacted[i] = sanitizeLogValue(k, iv) - } - return redacted - default: - return ty - } -} - func FilterLogFields(src log.Fields, excludes ...string) log.Fields { fields := log.Fields{} for k, v := range src { switch ty := v.(type) { + case map[string]string: + if k == "header" { + redacted := map[string]string{} + for hk := range ty { + redacted[hk] = "****" + } + fields[k] = redacted + } else { + fields[k] = maps.Clone(ty) + } + case map[string]interface{}: + fields[k] = maps.Clone(ty) case string: if slices.Contains(nonEmptyFields, k) { if len(ty) > 0 { - fields[k] = sanitizeLogValue(k, ty) + fields[k] = ty } } else { - fields[k] = sanitizeLogValue(k, ty) + fields[k] = ty } - case map[string]string: - fields[k] = sanitizeLogValue(k, maps.Clone(ty)) - case map[string]interface{}: - fields[k] = sanitizeLogValue(k, maps.Clone(ty)) default: - fields[k] = sanitizeLogValue(k, ty) + fields[k] = ty } } From f6f787415124703677855824cd5ca5ddc49824fb Mon Sep 17 00:00:00 2001 From: James Chao Date: Tue, 14 Jul 2026 00:20:33 -0700 Subject: [PATCH 2/7] Revert "Potential fix for pull request finding 'CodeQL / Clear-text logging of sensitive information'" This reverts commit dbb2aad332b9676fe224a7ba2a66c558a69ed359. --- common/log_fields.go | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/common/log_fields.go b/common/log_fields.go index da4d6ba..4bbed90 100644 --- a/common/log_fields.go +++ b/common/log_fields.go @@ -50,15 +50,7 @@ func FilterLogFields(src log.Fields, excludes ...string) log.Fields { for k, v := range src { switch ty := v.(type) { case map[string]string: - if k == "header" { - redacted := map[string]string{} - for hk := range ty { - redacted[hk] = "****" - } - fields[k] = redacted - } else { - fields[k] = maps.Clone(ty) - } + fields[k] = maps.Clone(ty) case map[string]interface{}: fields[k] = maps.Clone(ty) case string: From 375e41343a98f8ab75b9b03317670df101b391e1 Mon Sep 17 00:00:00 2001 From: James Chao Date: Tue, 14 Jul 2026 00:20:52 -0700 Subject: [PATCH 3/7] Revert "Potential fix for pull request finding 'CodeQL / Clear-text logging of sensitive information'" This reverts commit f3f60c5a821f9063875da30b3e5f547aa4a72c63. --- util/dict.go | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/util/dict.go b/util/dict.go index 19e4e8d..9ef4b97 100644 --- a/util/dict.go +++ b/util/dict.go @@ -211,36 +211,21 @@ func (d Dict) Update(itf interface{}) { } } -func isSafeHeaderKey(key string) bool { +func isSensitiveHeaderKey(key string) bool { k := strings.ToLower(strings.TrimSpace(key)) - switch k { - case "accept", - "accept-encoding", - "accept-language", - "cache-control", - "connection", - "content-length", - "content-type", - "host", - "pragma", - "user-agent": + if k == "authorization" || k == "proxy-authorization" || k == "cookie" || k == "set-cookie" { return true - default: - return false } + return strings.Contains(k, "token") || strings.Contains(k, "secret") || strings.Contains(k, "apikey") || strings.Contains(k, "api-key") || strings.Contains(k, "key") } func HeaderToMap(header http.Header) map[string]string { m := make(map[string]string) for k, v := range header { - if !isSafeHeaderKey(k) { + if isSensitiveHeaderKey(k) { m[k] = "****" continue } - if len(v) == 0 { - m[k] = "" - continue - } m[k] = v[0] } return m From 360c1c3c73fc357688f4bc9432252f976cf4c5e8 Mon Sep 17 00:00:00 2001 From: James Chao Date: Tue, 14 Jul 2026 00:21:17 -0700 Subject: [PATCH 4/7] Revert "Potential fix for pull request finding 'CodeQL / Clear-text logging of sensitive information'" This reverts commit d1d71813d1ae398e8f35ce01b4e63b7fc01ba29c. --- http/webconfig_server.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/http/webconfig_server.go b/http/webconfig_server.go index fe101c1..69f8ad6 100644 --- a/http/webconfig_server.go +++ b/http/webconfig_server.go @@ -1063,7 +1063,7 @@ func (s *WebconfigServer) ForwardSuccessKafkaMessages(messages []common.EventMes for _, m := range messages { if len(m.DeviceId) != 16 { - log.WithFields(tfields).Warn("invalid device_id") + log.WithFields(tfields).Warn("invalid device_id " + m.DeviceId) continue } mac := m.DeviceId[4:] @@ -1083,8 +1083,8 @@ func (s *WebconfigServer) ForwardSuccessKafkaMessages(messages []common.EventMes } s.Input() <- outMessage - tfields["output_key"] = "****" - tfields["output_body"] = "omitted" + tfields["output_key"] = mac + tfields["output_body"] = m log.WithFields(tfields).Info("send") } } From f97dfea1b7237042b20a462e094b1ad2ea36e9f8 Mon Sep 17 00:00:00 2001 From: James Chao Date: Tue, 14 Jul 2026 00:21:35 -0700 Subject: [PATCH 5/7] Revert "Potential fix for pull request finding 'CodeQL / Clear-text logging of sensitive information'" This reverts commit df0fb2f12dfd3fd0a5bc3938a0807beb3d021a8a. --- util/dict.go | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/util/dict.go b/util/dict.go index 9ef4b97..fb8d570 100644 --- a/util/dict.go +++ b/util/dict.go @@ -19,7 +19,6 @@ package util import ( "net/http" - "strings" "time" log "github.com/sirupsen/logrus" @@ -211,21 +210,9 @@ func (d Dict) Update(itf interface{}) { } } -func isSensitiveHeaderKey(key string) bool { - k := strings.ToLower(strings.TrimSpace(key)) - if k == "authorization" || k == "proxy-authorization" || k == "cookie" || k == "set-cookie" { - return true - } - return strings.Contains(k, "token") || strings.Contains(k, "secret") || strings.Contains(k, "apikey") || strings.Contains(k, "api-key") || strings.Contains(k, "key") -} - func HeaderToMap(header http.Header) map[string]string { m := make(map[string]string) for k, v := range header { - if isSensitiveHeaderKey(k) { - m[k] = "****" - continue - } m[k] = v[0] } return m From 0dc5411ade83d2edbc3712b74b1a28fb86cafdd6 Mon Sep 17 00:00:00 2001 From: James Chao Date: Tue, 14 Jul 2026 00:40:53 -0700 Subject: [PATCH 6/7] partially reverted 386080b72d4f49db4a51d16989a39c862d048072 --- http/webconfig_server.go | 1 - 1 file changed, 1 deletion(-) diff --git a/http/webconfig_server.go b/http/webconfig_server.go index 69f8ad6..9bf1a9d 100644 --- a/http/webconfig_server.go +++ b/http/webconfig_server.go @@ -1093,7 +1093,6 @@ func (s *WebconfigServer) LogToken(xw *XResponseWriter, authorization, token str fields := xw.Audit() fields["logger"] = "token" tfields := common.FilterLogFields(fields) - delete(tfields, "header") var headerMap map[string]string var isObfuscated bool if itf, ok := tfields["header"]; ok { From 5e2e9d2a0a7f4042a4b9f5710c69233b85038572 Mon Sep 17 00:00:00 2001 From: James Chao Date: Tue, 14 Jul 2026 00:58:50 -0700 Subject: [PATCH 7/7] add guardrail for HeaderToMap() --- util/dict.go | 4 ++++ util/dict_test.go | 14 +++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/util/dict.go b/util/dict.go index fb8d570..f7d234e 100644 --- a/util/dict.go +++ b/util/dict.go @@ -213,6 +213,10 @@ func (d Dict) Update(itf interface{}) { func HeaderToMap(header http.Header) map[string]string { m := make(map[string]string) for k, v := range header { + if len(v) == 0 { + m[k] = "" + continue + } m[k] = v[0] } return m diff --git a/util/dict_test.go b/util/dict_test.go index a1ed7c8..a036e34 100644 --- a/util/dict_test.go +++ b/util/dict_test.go @@ -14,7 +14,7 @@ * limitations under the License. * * SPDX-License-Identifier: Apache-2.0 -*/ + */ package util import ( @@ -144,3 +144,15 @@ func TestHeaderToMap(t *testing.T) { m := HeaderToMap(header) assert.DeepEqual(t, m, expected) } + +func TestHeaderToMapEmptyValueSlice(t *testing.T) { + // A header key present with no values should not panic and should map to "". + header := http.Header{ + "Content-Type": {"application/json"}, + "X-Empty": {}, + } + + m := HeaderToMap(header) + assert.Equal(t, m["Content-Type"], "application/json") + assert.Equal(t, m["X-Empty"], "") +}