
Redact sensitive data from logging #906

Open
dawiddzhafarov wants to merge 6 commits into linode:main from dawiddzhafarov:feature/cleartext-logging

@dawiddzhafarov dawiddzhafarov commented Mar 2, 2026

📝 Description

This PR unifies obfuscation of sensitive data on Resty and logRequest/Response levels by redacting sensitive values.

✔️ How to Test

go test -v -run TestEnableLogSanitization ./...
go test -v -run TestRedactHeaders ./...

@dawiddzhafarov dawiddzhafarov force-pushed the feature/cleartext-logging branch from 2611048 to 5856e92 Compare March 2, 2026 12:12
@dawiddzhafarov dawiddzhafarov force-pushed the feature/cleartext-logging branch from 5856e92 to 3d05ce6 Compare March 2, 2026 12:16
@dawiddzhafarov
Contributor Author

There is a different ticket to fix https://github.com/linode/linodego/security/code-scanning/16, which is being reported here.

@dawiddzhafarov dawiddzhafarov marked this pull request as ready for review March 2, 2026 12:32
@dawiddzhafarov dawiddzhafarov requested a review from a team as a code owner March 2, 2026 12:32
@dawiddzhafarov dawiddzhafarov requested review from Copilot, jriddle-linode and psnoch-akamai and removed request for a team March 2, 2026 12:32
Copilot AI left a comment


Pull request overview

This PR standardizes sensitive-header redaction across both Resty debug logging hooks and the package’s internal httpClient request/response logging, ensuring secrets (e.g., Authorization tokens) do not appear in logs.

Changes:

  • Introduces a shared redaction map (redactHeadersMap) and a redactHeaders helper for sanitizing logged headers.
  • Applies header redaction to internal httpClient request/response logging output.
  • Expands test coverage for header redaction and log sanitization behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| client.go | Adds shared redaction configuration + helper, and uses it in request/response logging and Resty log hooks. |
| client_test.go | Adds unit tests for header redaction and an integration-style test ensuring logs don’t contain raw tokens. |
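
An added example (not code from this PR or from linodego) of the header redaction summarized in the review above: sensitive header values are masked in a copy used only for logging, so the request itself keeps its credentials. The names `sensitiveHeaders`, `sanitizeHeaders` and `formatHeadersForLog`, the `[REDACTED]` placeholder, and the `Cookie`/`Set-Cookie` entries are assumptions; only `Authorization` is named in the discussion.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// Assumed deny-list keyed by canonical header name. Only Authorization is
// named in the PR discussion; the other entries are illustrative.
var sensitiveHeaders = map[string]bool{"Authorization": true, "Cookie": true, "Set-Cookie": true}

// sanitizeHeaders returns a copy of h that is safe to log. The input is never
// mutated, so the outgoing request still carries its real credentials.
func sanitizeHeaders(h http.Header) http.Header {
	out := make(http.Header, len(h))
	for name, values := range h {
		copied := append([]string(nil), values...)
		// Keys written by direct map assignment may not be canonical.
		if sensitiveHeaders[http.CanonicalHeaderKey(name)] {
			for i := range copied {
				copied[i] = "[REDACTED]"
			}
		}
		out[name] = copied
	}
	return out
}

// formatHeadersForLog renders the sanitized headers in a stable order.
func formatHeadersForLog(h http.Header) string {
	safe := sanitizeHeaders(h)
	names := make([]string, 0, len(safe))
	for name := range safe {
		names = append(names, name)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, name := range names {
		fmt.Fprintf(&b, "%s: %s\n", name, strings.Join(safe[name], ", "))
	}
	return b.String()
}

func main() {
	// Constructed sample headers; the lowercase key bypasses canonicalization.
	h := http.Header{"authorization": {"Bearer constructed-token"}, "Accept": {"application/json"}}
	fmt.Print(formatHeadersForLog(h))
}
```

Matching on the canonical form of the key covers headers that were inserted into the map directly rather than through `Set` or `Add`, which a plain map lookup on the raw key would miss.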



Copilot AI left a comment


Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

