Skip to content

Potential fix for code scanning alert no. 519: Clear-text logging of sensitive information#54742

Merged
potiuk merged 1 commit into
mainfrom
Remove-debugging-for-potentially-sensitive-token
Aug 20, 2025
Merged

Potential fix for code scanning alert no. 519: Clear-text logging of sensitive information#54742
potiuk merged 1 commit into
mainfrom
Remove-debugging-for-potentially-sensitive-token

Conversation

@potiuk

@potiuk potiuk commented Aug 20, 2025

Copy link
Copy Markdown
Member

Potential fix for https://github.com/apache/airflow/security/code-scanning/519

To fix the problem, we should avoid logging the OAuth token in clear text. Instead, we can log that a token was retrieved, without including its value. If necessary for debugging, we could log only non-sensitive metadata (such as the type or length of the token), or redact the token value (e.g., log only the first few characters, or a hash). The best fix is to remove the token value from the log message entirely, replacing it with a generic message indicating that the token was accessed. This change should be made in the oauth_token_getter static method, specifically on line 2196. No new imports or definitions are required.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@potiuk
potiuk marked this pull request as ready for review August 20, 2025 15:21
@potiuk
potiuk requested a review from vincbeck as a code owner August 20, 2025 15:21
@potiuk
potiuk merged commit a51a604 into main Aug 20, 2025
100 of 104 checks passed
@potiuk
potiuk deleted the Remove-debugging-for-potentially-sensitive-token branch August 20, 2025 19:20
github-actions Bot pushed a commit that referenced this pull request Aug 20, 2025
… logging of sensitive information (#54742)

(cherry picked from commit a51a604)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown
Contributor

Backport successfully created: v3-0-test

Status Branch Result
v3-0-test PR Link

@potiuk

potiuk commented Aug 20, 2025

Copy link
Copy Markdown
Member Author

no need to backport

mangal-vairalkar pushed a commit to mangal-vairalkar/airflow that referenced this pull request Aug 30, 2025
…sensitive information (apache#54742)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants