Fix code scanning alert no. 1: Clear-text logging of sensitive information (#5)

Fixes
[https://github.com/Blackplums/how2validate/security/code-scanning/1](https://github.com/Blackplums/how2validate/security/code-scanning/1)

To fix the problem, we should avoid logging any part of the secret, even
in a redacted form. Instead, we can log a generic message indicating
that a secret is being validated without including the actual secret
value. This approach ensures that no sensitive information is exposed in
the logs.

- Modify the logging statement on line 85 in
`src/python/how2validate/validator.py` to remove the secret from the log
message.
- Ensure that the log message still provides useful information without
exposing sensitive data.


_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._
Vigneshkna authored Sep 27, 2024
2 parents 59725f9 + e4e1f93 commit 10ccc16
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/python/how2validate/validator.py
Expand Up @@ -82,7 +82,7 @@ def main(args=None):
return

try:
logging.info(f"Initiating validation for service: {args.service} with secret: {redact_secret(args.secret)}")
logging.info(f"Initiating validation for service: {args.service} with a provided secret.")
result = validate(args.provider, args.service, args.secret, args.response, args.report)
logging.info("Validation completed successfully.")
except Exception as e:
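Review bot: the new message no longer interpolates the secret, but the hunk's trailing context ends at the generic `except Exception as e:` handler, and whatever that handler does with `e` remains a leak path: an exception raised inside `validate(args.provider, args.service, args.secret, args.response, args.report)` can carry `args.secret` in its message (for example in a request URL or an echoed response body), so a `logging.error(f"... {e}")` there would reintroduce the same alert one line below the fix. Suggest confirming the handler logs a fixed message (or `type(e).__name__`) rather than `str(e)`, and, if `redact_secret` is no longer referenced anywhere after this change, dropping its import so linters do not flag an unused name.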

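The approach the commit takes, logging a generic message instead of a redacted secret, is the right default, but it depends on every future log statement and every exception message being equally careful. As an added example, not code from the how2validate project, the following Python logging filter scrubs known secret values (and their URL-encoded form) from rendered messages and from exception text before any handler writes them out. The logger name `how2validate.example`, the service string and the secret value are constructed for the demonstration.

```python
import io
import logging
import re
from typing import Iterable, Optional
from urllib.parse import quote


class SecretScrubbingFilter(logging.Filter):
    """Redact known secret values from every log record that passes through.

    Defence in depth for the bug class the commit fixes: even if a log call
    (or an exception raised inside validate()) embeds the raw secret, the
    value is replaced before a handler formats the record.
    """

    PLACEHOLDER = "[REDACTED]"

    def __init__(self, secrets: Iterable[str]):
        super().__init__()
        variants = set()
        for s in secrets:
            if not s:  # re.escape("") would match everywhere
                continue
            variants.add(s)
            variants.add(quote(s, safe=""))  # secret as it appears in a query string
        # Longest first so a raw secret is not partially hit by a shorter variant.
        ordered = sorted(variants, key=len, reverse=True)
        self._pattern: Optional[re.Pattern] = (
            re.compile("|".join(re.escape(v) for v in ordered)) if ordered else None
        )

    def scrub(self, text: str) -> str:
        if self._pattern is None:
            return text
        return self._pattern.sub(self.PLACEHOLDER, text)

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message once, scrub it, and clear args so the formatter
        # does not re-interpolate the original values.
        record.msg = self.scrub(record.getMessage())
        record.args = ()
        if record.exc_info:
            # Formatter.format() reuses exc_text when it is already set, so a
            # scrubbed traceback here is what every handler prints.
            record.exc_text = self.scrub(
                logging.Formatter().formatException(record.exc_info)
            )
        return True


def demo(secret: str = "hunter2-api-key-CONSTRUCTED") -> str:
    """Emit validator-style log lines with the filter installed; return the log text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(SecretScrubbingFilter([secret]))

    log = logging.getLogger("how2validate.example")  # hypothetical logger name
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    log.addHandler(handler)

    service = "github"  # constructed input
    log.info("Initiating validation for service: %s with a provided secret.", service)
    # A careless statement that still embeds the raw value ...
    log.info("token=%s", secret)
    # ... and an exception from a hypothetical HTTP client that puts it in the message.
    try:
        raise RuntimeError(f"401 from https://api.example/validate?token={secret}")
    except RuntimeError:
        log.exception("Validation failed")
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

The filter is attached to the handler rather than the logger so it also covers records that arrive via propagation from child loggers. Its limit is exact-substring matching: a secret that surfaces base64-encoded, hashed or split across fields is not caught, which is why the commit's choice of never putting the value into a message in the first place remains the primary control.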