didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

PRD: LOG_FULL egress logging credential redaction #264

Merged
didericis merged 2 commits from fix-log-full-credential-redaction into main 2026-06-25 00:47:06 -04:00
Conversation 1 Commits 2 Files Changed 3
+374 -4
didericis-claude commented 2026-06-24 22:40:33 -04:00
Collaborator
Copy Link
Copy Source

Closes #257.

PRD

Summary

  • _log_request was logging the sidecar-injected upstream Authorization header verbatim — a live bearer token written to stderr on every allowed request under LOG_FULL.
  • Neither _log_request nor _log_response passed header values or bodies through redact_tokens, so recognized token patterns and provisioned secrets appeared in plaintext in full logs.

Fix

  • Strip the authorization header entirely from _log_request output (it is always a live sidecar-injected credential by the time the log call runs).
  • Apply redact_tokens(value, env=os.environ) to all remaining header values in both _log_request and _log_response.
  • Apply redact_tokens(body, env=os.environ) to request and response bodies in both log functions.
  • 14 new unit tests in tests/unit/test_egress_addon_log_redaction.py cover each case (auth header stripped, body redacted, header value redacted) for both request and response paths.
Closes #257. [PRD](https://gitea.dideric.is/didericis/bot-bottle/src/commit/0661464a582a6bec0882191a7064325245bb277e/docs/prds/prd-new-log-full-credential-redaction.md) ## Summary - `_log_request` was logging the sidecar-injected upstream `Authorization` header verbatim — a live bearer token written to stderr on every allowed request under `LOG_FULL`. - Neither `_log_request` nor `_log_response` passed header values or bodies through `redact_tokens`, so recognized token patterns and provisioned secrets appeared in plaintext in full logs. ## Fix - Strip the `authorization` header entirely from `_log_request` output (it is always a live sidecar-injected credential by the time the log call runs). - Apply `redact_tokens(value, env=os.environ)` to all remaining header values in both `_log_request` and `_log_response`. - Apply `redact_tokens(body, env=os.environ)` to request and response bodies in both log functions. - 14 new unit tests in `tests/unit/test_egress_addon_log_redaction.py` cover each case (auth header stripped, body redacted, header value redacted) for both request and response paths.
didericis force-pushed fix-log-full-credential-redaction from 0661464a58 to 1f96619c6a 2026-06-24 23:04:29 -04:00 Compare
didericis force-pushed fix-log-full-credential-redaction from aa559557ab to f5fdc0ea72 2026-06-25 00:15:52 -04:00 Compare
didericis added 2 commits 2026-06-25 00:32:49 -04:00
fix(egress): strip injected Authorization and redact bodies in LOG_FULL path 9b929d0684 
_log_request and _log_response wrote headers and bodies to stderr verbatim.
_log_request also included the sidecar-injected upstream Authorization value,
exposing live bearer tokens on every allowed request under LOG_FULL.

Apply redact_tokens to all header values and bodies in both log functions;
exclude the authorization header from _log_request entirely since its value
is always a live sidecar-injected credential by the time _log_request runs.

Closes #257
fix: satisfy pyright for log redaction tests
test / integration (pull_request) Successful in 29s
Details
prd-number / assign-numbers (push) Successful in 1m6s
Details
Update Quality Badges / update-badges (push) Successful in 1m40s
Details
test / unit (pull_request) Successful in 52s
Details
lint / lint (push) Successful in 2m20s
Details
test / unit (push) Successful in 50s
Details
test / integration (push) Successful in 27s
Details
e7dacf7d86
didericis force-pushed fix-log-full-credential-redaction from f5fdc0ea72 to e7dacf7d86 2026-06-25 00:32:49 -04:00 Compare
didericis approved these changes 2026-06-25 00:46:57 -04:00
didericis merged commit e7dacf7d86 into main 2026-06-25 00:47:06 -04:00
didericis deleted branch fix-log-full-credential-redaction 2026-06-25 00:47:07 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
didericis
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#264
Delete Branch "fix-log-full-credential-redaction"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?