
miquelgall
Contributor

Summary

  • Remove sensitive credential data from debug logs to prevent accidental exposure
  • Sanitize two debug log statements that were logging tokens and credentials via JSON.stringify
  • Version bump to 1.5.1

Changes

  • Token request log (line 199-201): Removed JSON.stringify of callProcedureData, now logs "Requesting token for application {applicationKey}"
  • Proxy creation log (line 387-389): Removed JSON.stringify of OFSCredentials (containing baseURL and token), now logs "Creating proxy with provided credentials"

Benefits

  • Improved security posture by preventing credential leaks in logs
  • Reduces risk of accidental exposure of API tokens
  • Compliance with data protection best practices

Test Plan

  • Verify application functionality remains unchanged
  • Confirm debug logs no longer expose sensitive credentials
  • Test token request flow
  • Test proxy creation flow

Closes #26

Sanitize debug logs to prevent accidental exposure of tokens and credentials by removing JSON.stringify calls that were logging OFSCredentials and callProcedureData objects.
@miquelgall miquelgall linked an issue Oct 6, 2025 that may be closed by this pull request
@oracle-contributor-agreement oracle-contributor-agreement bot added the "OCA Verified" label (All contributors have signed the Oracle Contributor Agreement.) Oct 6, 2025
@miquelgall miquelgall requested a review from btoron October 6, 2025 18:13
Move message logging from generic handler to specific message type handlers to prevent logging sensitive data like tokens from callProcedureResult responses. This ensures getAccessToken responses are never logged with their token data.

Changes:
- Modified _getWebMessage to log only message method, not full data
- Added specific debug logging in each message handler (init, open, updateResult, callProcedureResult, wakeup, error)
- callProcedureResult handler logs only callId, not response data
- Removed JSON.stringify from token response error log to avoid exposing token
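The two patterns the PR description and commit messages describe, shown side by side as an added example (not code from this PR or from the OFS library): the removed `JSON.stringify(credentials)` style of debug line, the replacement that logs only a non-secret identifier, and a small redaction helper for cases where the object structure still matters. The credential shape `{ baseURL, token }`, the `applicationKey` field and the `SENSITIVE_KEYS` list are assumptions for illustration.

```javascript
// Added example, not the PR's or the OFS library's own code. Assumes a
// credentials object shaped like { baseURL, token } and a procedure-call
// object carrying applicationKey, as the PR description suggests.

// Keys whose values must never reach a log line (assumed list, compared
// case-insensitively so accessToken and AccessToken are both caught).
const SENSITIVE_KEYS = ['token', 'accesstoken', 'clientsecret', 'password', 'authorization'];

// Recursively replace sensitive values with a fixed marker, leaving the rest of
// the object intact so the redacted copy is still useful for debugging.
function redact(value, seen = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[Circular]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SENSITIVE_KEYS.includes(k.toLowerCase()) ? '[REDACTED]' : redact(v, seen);
  }
  return out;
}

// The pattern the PR removes: the whole credential object lands in the log.
function unsafeDebugLine(credentials) {
  return `Creating proxy with ${JSON.stringify(credentials)}`;
}

// What the PR does instead: a fixed message plus a non-secret identifier.
function safeDebugLine(callProcedureData) {
  return `Requesting token for application ${callProcedureData.applicationKey}`;
}

// Alternative when the structure is needed: stringify a redacted copy.
function redactedDebugLine(credentials) {
  return `Creating proxy with ${JSON.stringify(redact(credentials))}`;
}

// Regression check for a test suite: a known secret must not appear in a line.
function leaksSecret(line, secret) {
  return line.includes(secret);
}

// Constructed sample input (not real credentials) for a stand-alone run.
const sampleCredentials = { baseURL: 'https://example.invalid', token: 'SECRET-123' };
console.log(unsafeDebugLine(sampleCredentials));    // leaks SECRET-123
console.log(redactedDebugLine(sampleCredentials));  // token shown as [REDACTED]
console.log(safeDebugLine({ applicationKey: 'app1', token: 'SECRET-123' }));
```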


Development

Successfully merging this pull request may close these issues.

Enhancement: Clean sensitive data from logs
