Skip to content

DDR-24917: Remove debug log lines that expose request body content#12

Merged
wwidner-ch merged 1 commit into
masterfrom
DDR-24917-remove-debug-body-logging
Mar 31, 2026
Merged

DDR-24917: Remove debug log lines that expose request body content#12
wwidner-ch merged 1 commit into
masterfrom
DDR-24917-remove-debug-body-logging

Conversation

@wwidner-ch

Copy link
Copy Markdown

Summary

  • Remove log.Printf calls in protojson.Unmarshal and proto.Unmarshal error handlers that logged up to 256 bytes of raw request body content
  • Remove now-unused encoding/hex import
  • Errors are still returned to the caller for proper handling

Addresses review feedback from https://github.com/CyberhavenInc/dataflow/pull/27606#discussion_r3011270004

Test plan

  • Verify unmarshal errors still propagate correctly to callers
  • Confirm no sensitive data appears in logs on content-type mismatches

The protojson.Unmarshal and proto.Unmarshal error handlers logged up to
256 bytes of the raw request body. This risks exposing sensitive data
(PII, tokens, DLP-inspected content) in plaintext logs. The errors are
still returned to the caller for proper handling.
@wwidner-ch wwidner-ch merged commit 4ec6975 into master Mar 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants