fix: remove OAuth token logging and redact sensitive data from CLI output#450
Open
gyanranjanpanda wants to merge 2 commits into
Open
fix: remove OAuth token logging and redact sensitive data from CLI output#450gyanranjanpanda wants to merge 2 commits into
gyanranjanpanda wants to merge 2 commits into
Conversation
Signed-off-by: gyanranjanpanda <sanupanda141@gmail.com>
gyanranjanpanda
requested review from
Harsh4902,
lbroudoux and
yada
as code owners
…tput Remove unconditional log.Printf calls that leaked access tokens and refresh tokens to stderr after SSO login. Redact the callback URL (which contained the OAuth authorization code) and the authorization URL (which contained state nonce and code challenge). Additionally, add redaction of Authorization headers and OAuth token parameters in verbose HTTP dump output to prevent credential exposure when --verbose flag is used. Closes microcks#449 Signed-off-by: gyanranjanpanda <sanupanda141@gmail.com>
gyanranjanpanda
force-pushed
the
fix/redact-oauth-tokens-from-logs
branch
from
8a2761a to
7645976
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #449 — SSO login leaks OAuth access and refresh tokens to CLI logs.
Changes
cmd/login.golog.Printf("Token: %s\n", tokenString)log.Printf("Refresh Token: %s\n", refreshToken)log.Printf("Callback: %s\n", r.URL)log.Printf("Callback received on: %s\n", r.URL.Path)fmt.Printf("Performing ... login: %s\n", url)?)pkg/config/config.goAdded
redactSensitiveContent()helper that masks:Authorizationheader values →Authorization: [REDACTED]access_token,refresh_token,id_token,code) →param=[REDACTED]Applied to both
DumpRequestIfRequired()andDumpResponseIfRequired()so that--verboseHTTP dumps no longer leak bearer tokens.Verification
go build ./...✅go vet ./...✅ (pre-existing warning inpkg/watcher/executor.gounrelated to this change)grepconfirms zero remaining token log statements incmd/Risk Assessment
Low risk — Only removes debug log statements and adds output redaction. No behavioral changes to authentication flow, token storage, or API calls.