Always use parameterised log messages #775

Merged
axlewin merged 9 commits into main from improvement/log-parameters on Apr 20, 2026

@jsharkey13
Member

We should always use parameterised log messages, regardless of whether the data is user-provided or not.

I have tried to leave the case in UserAuthenticationManager.java alone, since it is fixed in the cookies PR and will conflict if I change it here (may not be enough to avoid a conflict anyhow).

Also a few small bits of cleaning up, including fixing some incorrect logger initialisations!

If the matched choice legitimately had no feedback, this log statement
was printed despite not being accurate. Using 3VL for `responseCorrect`
allows us to detect whether a choice was matched.
We had an odd mix of parameterised and String.format(...) messages, but
we can just uniformly use parameterised messages regardless of whether
the input might be user-controlled or not.
@codecov

codecov Bot commented Apr 10, 2026

Codecov Report

❌ Patch coverage is 25.19481% with 288 lines in your changes missing coverage. Please review.
✅ Project coverage is 40.13%. Comparing base (e0e5c4d) to head (4662027).
⚠️ Report is 10 commits behind head on main.

Files with missing lines Patch % Lines
...ava/uk/ac/cam/cl/dtg/segue/etl/ContentIndexer.java 13.15% 33 Missing ⚠️
.../cl/dtg/segue/api/managers/UserAccountManager.java 20.58% 27 Missing ⚠️
...n/java/uk/ac/cam/cl/dtg/segue/api/AdminFacade.java 0.00% 24 Missing ⚠️
...cl/dtg/isaac/api/managers/EventBookingManager.java 0.00% 13 Missing ⚠️
.../ac/cam/cl/dtg/segue/api/AuthenticationFacade.java 9.09% 10 Missing ⚠️
.../dtg/segue/api/userAlerts/UserAlertsWebSocket.java 0.00% 10 Missing ⚠️
.../segue/api/managers/UserAuthenticationManager.java 50.00% 9 Missing ⚠️
...n/java/uk/ac/cam/cl/dtg/segue/api/EmailFacade.java 0.00% 7 Missing ⚠️
...n/java/uk/ac/cam/cl/dtg/segue/api/UsersFacade.java 12.50% 7 Missing ⚠️
...in/java/uk/ac/cam/cl/dtg/segue/database/GitDb.java 12.50% 7 Missing ⚠️
... and 65 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #775      +/-   ##
==========================================
+ Coverage   40.11%   40.13%   +0.01%     
==========================================
  Files         547      546       -1     
  Lines       23868    23797      -71     
  Branches     2899     2900       +1     
==========================================
- Hits         9574     9550      -24     
+ Misses      13382    13335      -47     
  Partials      912      912              

Contributor

@github-advanced-security github-advanced-security AI left a comment

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/database/GitDb.java Dismissed
Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/api/userAlerts/UserAlertsWebSocketServlet.java Dismissed
Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/api/userAlerts/UserAlertsWebSocketServlet.java Dismissed
Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/api/monitors/AuditMonitor.java Dismissed
Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/api/AdminFacade.java Dismissed
Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/api/AdminFacade.java Dismissed
Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/api/AdminFacade.java Dismissed
Comment thread src/main/java/uk/ac/cam/cl/dtg/segue/api/AuthenticationFacade.java Fixed
@axlewin axlewin force-pushed the improvement/log-parameters branch from 7ad86c7 to 7d52a5b April 20, 2026 10:30
# Conflicts:
#	src/main/java/uk/ac/cam/cl/dtg/segue/api/managers/UserAuthenticationManager.java
I inadvertently removed it too soon in acc1d27
This prints exactly the same detail about the object as it used to,
but now without falling back to Object::toString.
If we don't load a partiallyLoggedInUser, we aren't actually verifying
the code against an account, so it likely does not matter that it
happened when considering rate limiting; it could exhaust resources, but
it won't leak information.
@axlewin axlewin merged commit b59703d into main Apr 20, 2026
5 checks passed
@axlewin axlewin deleted the improvement/log-parameters branch April 20, 2026 13:19