
@garland3
Collaborator

Potential fix for https://github.com/sandialabs/VISTA/security/code-scanning/3

To fix this problem, we must ensure that no sensitive data or untrusted user-supplied content is logged in clear text. That means:

  • When logging database operations regarding API keys, never include the API key value, the hash, or any untrusted fields such as the key name verbatim without review.
  • Only include minimal, non-sensitive and non-identifying fields, such as resource IDs or static information, in log records.
  • For the create_api_key and deactivate_api_key operations, sanitize or eliminate logging of user-supplied fields in additional_info (e.g., do not log api_key.name). Log only safe, pre-reviewed constants such as the user ID (which is already a UUID and not PII), and the fact that an operation occurred.

Required changes:

  • In crud.create_api_key: update the call to log_db_operation to not include the user-supplied API key name. Log only the user_id (already a UUID), or remove additional_info entirely.
  • In crud.deactivate_api_key: the call to log_db_operation only logs { "deactivated": True }, which is fine.
  • In log_db_operation: optionally, add a security comment to indicate that additional_info must never include sensitive/user-supplied values; validate or sanitize as an extra layer if desired.

No new methods or imports are needed; the change is limited to the removal/editing of logging of untrusted content.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…nsitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
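The PR description above prescribes the fix in words (drop the user-supplied API key name from the create_api_key log call, keep the non-identifying user_id, and optionally make log_db_operation itself refuse untrusted fields as a second layer). The following is an added example of that second layer, not VISTA's own code: a stand-in `log_db_operation` with the same argument shape as the one named in the PR, an allowlist of additional_info keys, a conservative value format for allowlisted strings (so a value cannot carry newlines and forge extra log records), and the create_api_key call written both the way the alert flagged it and the way the PR fixes it. The logger name, the allowlist contents, and all sample values are assumptions constructed for this example.

```python
import json
import logging
import re
import uuid
from typing import Any, Mapping, Optional

# Logger name is an assumption for this example, not the project's.
logger = logging.getLogger("vista.audit")

# additional_info keys permitted to reach the log verbatim. Constructed
# allowlist: only reviewed, non-sensitive, non-identifying fields belong here.
# Secrets (key value, key hash) and raw user input (API key name) never do.
SAFE_ADDITIONAL_INFO_KEYS = frozenset({"deactivated", "resource_id", "count"})

# Allowlisted string values must be short and free of control characters so a
# value cannot break the one-record-per-line format or inject a fake record.
_SAFE_STRING = re.compile(r"[A-Za-z0-9_.:-]{1,64}")


def sanitize_additional_info(additional_info: Optional[Mapping[str, Any]]) -> dict:
    """Return only the allowlisted, well-formed fields of additional_info.

    Dropped fields are reported by key name under "redacted_fields" (the key
    names are the caller's constants; the values were the untrusted part).
    """
    if not additional_info:
        return {}
    safe: dict = {}
    redacted: list = []
    for key, value in additional_info.items():
        if key not in SAFE_ADDITIONAL_INFO_KEYS:
            redacted.append(key)
        elif value is None or isinstance(value, (bool, int, float)):
            safe[key] = value
        elif isinstance(value, str) and _SAFE_STRING.fullmatch(value):
            safe[key] = value
        else:
            # Allowlisted key, but the value is not a plain scalar we trust.
            redacted.append(key)
    if redacted:
        safe["redacted_fields"] = sorted(redacted)
    return safe


def log_db_operation(operation: str, user_id, additional_info: Optional[Mapping[str, Any]] = None) -> dict:
    """Hypothetical stand-in for the project's log_db_operation.

    SECURITY: additional_info must never carry secrets or user-supplied
    values. The allowlist is a backstop; callers are still expected not to
    pass such fields. user_id must parse as a UUID, which also prevents an
    arbitrary string from being logged in that slot.
    """
    record = {
        "operation": operation,
        "user_id": str(uuid.UUID(str(user_id))),  # raises ValueError if not a UUID
        **sanitize_additional_info(additional_info),
    }
    logger.info(json.dumps(record, sort_keys=True))
    return record


def log_create_api_key_as_flagged(user_id, api_key_name: str) -> dict:
    """The call shape the alert flagged: user-supplied name passed to the log."""
    return log_db_operation("create_api_key", user_id, {"name": api_key_name})


def log_create_api_key_as_fixed(user_id, api_key_name: str) -> dict:
    """The fix: log only that the operation happened for this user."""
    return log_db_operation("create_api_key", user_id)


def log_deactivate_api_key(user_id) -> dict:
    """The deactivate call the PR leaves unchanged; its field is a constant."""
    return log_db_operation("deactivate_api_key", user_id, {"deactivated": True})


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    uid = uuid.uuid4()  # constructed sample user id
    log_create_api_key_as_flagged(uid, "ci-key\n{\"operation\": \"forged\"}")
    log_create_api_key_as_fixed(uid, "ci-key")
    log_deactivate_api_key(uid)
```

With the allowlist in place, the flagged call still produces a record, but the name is reduced to `"redacted_fields": ["name"]`, so a caller that forgets the review rule leaks nothing; the fixed call never passes the name at all, which is the change the PR actually makes.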
@garland3 garland3 marked this pull request as ready for review December 10, 2025 18:08

Copilot AI left a comment

Pull request overview

This PR addresses a security vulnerability (code scanning alert #3) related to clear-text logging of sensitive information. The changes prevent logging of user-supplied API key names and other potentially sensitive data in database operation logs.

Key Changes:

  • Added security documentation to log_db_operation function warning against logging sensitive or user-supplied data
  • Removed API key name from logging in create_api_key function, retaining only the non-sensitive user_id UUID
