Bug Description
When there's a deserialization error from external systems, serde exposes even the sensitive values in the logs.
For example, a deserialization error from card locker:
Unable to parse router::core::payment_methods::transformers::GetCardResponse from bytes b\"{\\\"card\\\":{\\\"cardId\\\":\\\"08657065-fa64-abcd\\\",\\\"externalId\\\":\\\"abcdefghijkl\\\",\\\"merchantId\\\":\\\"merchant1\\\",\\\"cardNumber\\\":\\\"121312313131313131\\\",\\\"cardExpYear\\\":\\\"25\\\",\\\"cardExpMonth\\\":\\\"10\\\",\\\"nameOnCard\\\":\\\"name\\\",\\\"cardFingerprint\\\":\\\"2602abcbabcabcabc\\\",\\\"cardGlobalFingerprint\\\":\\\"fafafafafafaf\\\",\\\"nickname\\\":\\\"hyperswitch\\\",\\\"customerId\\\":\\\"Customer123\\\"}}\"\n│\n╰─▶ \u001b[1mnot a valid credit card number at line 1 column 157\u001b[22m\n
Expected Behavior
It should ideally mask the values in the logs, like:
Unable to parse router::core::payment_methods::transformers::GetCardResponse from bytes b\"{\\\"card\\\":{\\\"cardId\\\":\\\"08657065-fa64-abcd\\\",\\\"externalId\\\":\\\"abcdefghijkl\\\",\\\"merchantId\\\":\\\"merchant1\\\",\\\"cardNumber\\\":\\\"*****3131\\\",\\\"cardExpYear\\\":\\\"**\\\",\\\"cardExpMonth\\\":\\\"**\\\",\\\"nameOnCard\\\":\\\"***\\\",\\\"cardFingerprint\\\":\\\"2602abcbabcabcabc\\\",\\\"cardGlobalFingerprint\\\":\\\"fafafafafafaf\\\",\\\"nickname\\\":\\\"hyperswitch\\\",\\\"customerId\\\":\\\"****\\\"}}\"\n│\n╰─▶ \u001b[1mnot a valid credit card number at line 1 column 157\u001b[22m\n
Actual Behavior
Exposes even the sensitive values in the logs.
Steps To Reproduce
Manually insert a wrong value into the database and try to fetch it with the application. You will see a parsing error with the values exposed.
Context For The Bug
No response
Environment
Are you using hyperswitch hosted version? Yes/No
If yes, please provide the value of the x-request-id response header to help us debug your issue.
If not (or if building/running locally), please provide the following details:
Operating System or Linux distribution: MacOS
Rust version (output of rustc --version): 1.71.1
App version (output of cargo r --features vergen -- --version): NA
Have you spent some time checking if this bug has been raised before?
Have you read the Contributing Guidelines?
Are you willing to submit a PR?
None
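One way to get the expected behaviour described in this report, as an added example (not hyperswitch code and not part of the original issue): redact the values of known-sensitive keys in the raw payload before it is attached to the parse error. The key list, the masking policy and the names `mask` and `redact_json` are assumptions for illustration.

```rust
/// Keys whose values must never reach the logs (names taken from the payload in this report).
const SENSITIVE: &[&str] = &["cardNumber", "cardExpYear", "cardExpMonth", "nameOnCard", "customerId"];

/// Assumed policy: an all-digit card number keeps its last four digits, the rest is hidden.
fn mask(key: &str, value: &str) -> String {
    if key == "cardNumber" && value.len() > 4 && value.bytes().all(|b| b.is_ascii_digit()) {
        format!("*****{}", &value[value.len() - 4..])
    } else {
        "***".to_string()
    }
}

/// Redacts `raw` for logging. Lenient scanner, not a parser; nested objects under a sensitive key pass through.
fn redact_json(raw: &str) -> String {
    let mut out = String::with_capacity(raw.len());
    let mut chars = raw.char_indices().peekable();
    let mut key: Option<&str> = None; // most recent string token
    let mut is_value = false; // a ':' followed `key`, so the next token is its value
    while let Some((i, c)) = chars.next() {
        let secret = is_value && key.map_or(false, |k| SENSITIVE.contains(&k));
        if c == '"' {
            // Find the closing quote, stepping over escaped characters.
            let mut end = None;
            while let Some((j, d)) = chars.next() {
                if d == '\\' { chars.next(); } else if d == '"' { end = Some(j); break; }
            }
            let token = &raw[i + 1..end.unwrap_or(raw.len())];
            out.push('"');
            if secret { out.push_str(&mask(key.unwrap_or(""), token)) } else { out.push_str(token) }
            if end.is_some() || secret { out.push('"'); }
            key = if is_value { None } else { Some(token) };
            is_value = false;
        } else if secret && !c.is_whitespace() && !"{[,}]".contains(c) {
            // Bare scalar (number, true, null) under a sensitive key: replace it whole.
            while chars.next_if(|&(_, d)| !",}]".contains(d) && !d.is_whitespace()).is_some() {}
            out.push_str("\"***\"");
            (key, is_value) = (None, false);
        } else {
            if c == ':' { is_value = key.is_some(); }
            else if !c.is_whitespace() { (key, is_value) = (None, false); }
            out.push(c);
        }
    }
    out
}

fn main() {
    println!("{}", redact_json(r#"{"cardNumber":"121312313131313131"}"#)); // constructed input
}
```

Because the scanner does not require valid JSON, it still redacts a truncated or otherwise malformed body, which is the case in which a parse error gets logged.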