James main dev 01#328
Merged
Merged
Conversation
…ogging of sensitive information'" This reverts commit e98851e.
…ogging of sensitive information'" This reverts commit dbb2aad.
…ogging of sensitive information'" This reverts commit f3f60c5.
…ogging of sensitive information'" This reverts commit d1d7181.
…ogging of sensitive information'" This reverts commit df0fb2f.
There was a problem hiding this comment.
Pull request overview
This PR adjusts request/header logging and Kafka producer logging behavior, and adds a unit test for a header edge case.
Changes:
- Removed redaction/sanitization logic from
util.HeaderToMapandcommon.FilterLogFields, resulting in more raw data being preserved in log fields. - Expanded Kafka producer logging in
ForwardSuccessKafkaMessagesto include the derived MAC key and full message body, and included the invaliddevice_idvalue in the warning message. - Added a unit test to ensure
HeaderToMaphandles headers with an empty value slice without panicking.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| util/dict.go | Removes header key allowlist redaction in HeaderToMap while keeping empty-slice handling. |
| util/dict_test.go | Adds coverage for HeaderToMap when a header key has an empty value slice. |
| http/webconfig_server.go | Logs more Kafka message details and changes token/header logging behavior. |
| common/log_fields.go | Removes sensitive-field sanitization from FilterLogFields and switches to shallow cloning for maps. |
Comments suppressed due to low confidence (2)
util/dict.go:221
- HeaderToMap now returns raw values for all headers. When used for request logging (e.g., webconfig_server.logRequestStarts), this can leak sensitive headers like Cookie/Set-Cookie if they are not in the ignored header list. Consider redacting sensitive header keys here while keeping the empty-slice guard.
func HeaderToMap(header http.Header) map[string]string {
m := make(map[string]string)
for k, v := range header {
if len(v) == 0 {
m[k] = ""
continue
}
m[k] = v[0]
}
http/webconfig_server.go:1100
- LogToken now keeps the request header map in tfields. With HeaderToMap/FilterLogFields no longer redacting by default, this can expose sensitive headers (notably Cookie/Set-Cookie). Consider explicitly redacting these here in addition to obfuscating Authorization.
tfields := common.FilterLogFields(fields)
var headerMap map[string]string
var isObfuscated bool
if itf, ok := tfields["header"]; ok {
headerMap = itf.(map[string]string)
if len(headerMap) > 0 {
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.