Authorize Editor #372
base: main
Conversation
…rDefinitionDTO` def
if err != nil {
return nil, err
}
log.Printf("\n%s\n", string(dump))
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information
Copilot Autofix AI 3 months ago
To fix the problem, we should ensure that sensitive information is not logged in clear text. We can achieve this by either obfuscating or removing sensitive data from the logs. In this case, we will remove the sensitive data from the logs to ensure that no sensitive information is exposed.
- Modify the callAPI function in authorize/client.go to exclude sensitive information from the logs.
- Specifically, we will update the logging statements to avoid logging the full HTTP request and response.
@@ -293,9 +293,5 @@ | ||
func (c *APIClient) callAPI(request *http.Request) (*http.Response, error) { | ||
//if c.cfg.Debug { | ||
dump, err := httputil.DumpRequestOut(request, true) | ||
if err != nil { | ||
return nil, err | ||
} | ||
log.Printf("\n%s\n", string(dump)) | ||
//} | ||
if c.cfg.Debug { | ||
log.Printf("Request: %s %s", request.Method, request.URL) | ||
} | ||
|
||
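Review bot: the replacement line `log.Printf("Request: %s %s", request.Method, request.URL)` still writes the full URL, and `%s` on a `*url.URL` renders any userinfo password and every query parameter, so a token or key passed in the query string would reach the log in clear text exactly as the removed `httputil.DumpRequestOut` line did. Log `request.URL.Redacted()` (masks the password) or only `request.URL.Path`, and mask known credential-bearing query keys before formatting. Worth noting too that the removed block dumped unconditionally because its `//if c.cfg.Debug {` / `//}` guard was commented out; the new line correctly sits under a live `if c.cfg.Debug {`, which is the real fix for the unconditional leak and should not be reverted when someone wants the dump back.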
@@ -306,9 +302,5 @@ | ||
|
||
//if c.cfg.Debug { | ||
dump, err = httputil.DumpResponse(resp, true) | ||
if err != nil { | ||
return resp, err | ||
} | ||
log.Printf("\n%s\n", string(dump)) | ||
//} | ||
if c.cfg.Debug { | ||
log.Printf("Response: %s", resp.Status) | ||
} | ||
return resp, err |
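Review bot: `log.Printf("Response: %s", resp.Status)` is safe but drops everything the removed `httputil.DumpResponse(resp, true)` call gave for debugging; if the debug mode still needs headers, call `httputil.DumpResponse(resp, false)` and mask `Set-Cookie` and `Authorization` before logging, rather than leaving a gap that invites restoring the full body dump later. The response body is the most likely place for tokens to appear, so keeping `body` at `false` should be a hard rule for this path.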
…nsServiceDefinitionDTO` model
No description provided.
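Added example, not the project's code and not Copilot's suggestion: a debug dump that keeps the request line and headers that the original `httputil.DumpRequestOut` / `httputil.DumpResponse` calls provided, but masks credentials in headers, in the URL userinfo and in the query string, and never reads the body. With `body` set to `false` both httputil functions substitute placeholders for the body instead of reading it, so the caller's request can still be sent and the response body still consumed afterwards. The header names and query keys in the two lists are a hypothetical starting set, not something the page defines.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Placeholder written in place of any masked value.
const redacted = "REDACTED"

// Hypothetical list of headers that carry credentials or session material.
var sensitiveHeaders = []string{
	"Authorization", "Proxy-Authorization", "Cookie", "Set-Cookie", "X-Api-Key",
}

// Hypothetical list of query-string keys that commonly carry credentials.
var sensitiveQueryKeys = map[string]bool{
	"access_token": true, "token": true, "api_key": true, "apikey": true,
	"key": true, "secret": true, "client_secret": true, "password": true,
}

// redactURL returns a copy of u with the userinfo password and any sensitive
// query value replaced, so the result is safe to put in a log line.
// (url.URL.Redacted masks only the password; it leaves the query untouched.)
func redactURL(u *url.URL) *url.URL {
	cp := *u
	if cp.User != nil {
		if _, hasPass := cp.User.Password(); hasPass {
			cp.User = url.UserPassword(cp.User.Username(), redacted)
		}
	}
	q := cp.Query()
	for key := range q {
		if sensitiveQueryKeys[strings.ToLower(key)] {
			q.Set(key, redacted)
		}
	}
	cp.RawQuery = q.Encode()
	return &cp
}

// redactHeader masks the listed headers in place. Multi-valued headers
// collapse to a single placeholder; the number of cookies is not worth leaking.
func redactHeader(h http.Header) {
	for _, name := range sensitiveHeaders {
		if len(h.Values(name)) > 0 {
			h.Set(name, redacted)
		}
	}
}

// RedactedRequestDump renders req as httputil.DumpRequestOut would, with
// credentials masked and the body omitted. req.Clone deep-copies URL and
// Header, so the caller's request is not modified, and body=false means the
// shared Body reader is never read.
func RedactedRequestDump(req *http.Request) (string, error) {
	clone := req.Clone(req.Context())
	clone.URL = redactURL(req.URL)
	redactHeader(clone.Header)
	dump, err := httputil.DumpRequestOut(clone, false)
	if err != nil {
		return "", err
	}
	return string(dump), nil
}

// RedactedResponseDump renders the status line and masked headers of resp.
// The body is not read; DumpResponse with body=false writes no body bytes and
// restores resp.Body on the copy, leaving the original stream intact.
func RedactedResponseDump(resp *http.Response) (string, error) {
	cp := *resp
	cp.Header = resp.Header.Clone()
	redactHeader(cp.Header)
	dump, err := httputil.DumpResponse(&cp, false)
	if err != nil {
		return "", err
	}
	return string(dump), nil
}

func main() {
	// Constructed sample request: basic-auth password in the URL, a bearer
	// token, a session cookie and a token in the query string.
	req, err := http.NewRequest(http.MethodGet,
		"https://user:hunter2@api.example.test/v1/items?access_token=s3cr3t&page=2", nil)
	if err != nil {
		log.Fatal(err)
	}
	req.Header.Set("Authorization", "Bearer eyJhbGciOi.payload.sig")
	req.Header.Set("Cookie", "session=abc123")

	out, err := RedactedRequestDump(req)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Print(out)
	// A one-line variant of the same idea for the non-dump log line.
	fmt.Println("Request:", req.Method, redactURL(req.URL).String())
}
```

`redactURL` re-encodes the query, so parameter order in the logged line follows `url.Values.Encode` (sorted by key) rather than the order the caller used; that is harmless for a debug log. Matching on query keys is case-insensitive, header matching relies on `http.Header`'s canonicalisation.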