Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(aap+3scale+ocm): don't log sensitive data from errors #945

Merged
merged 1 commit into from
Nov 20, 2023
Merged

fix(aap+3scale+ocm): don't log sensitive data from errors #945

merged 1 commit into from
Nov 20, 2023

Conversation

christoph-jerolimov
Copy link
Member

@christoph-jerolimov christoph-jerolimov commented Nov 16, 2023
edited
Loading

This applies a similar change as #938 to the same issues for AAP, 3Scale, and OCM providers.

Changes:

  • Extract the essential error data from the error object (name, message, stack, status code).
  • Updated AapResourceEntityProvider.test.ts where I could confirm that the auth header was logged before. 3scale and OCM don't have unit tests for the Providers to confirm the change.
  • Added a message string to all logger.error statements. As best practice to make it easier find the right log statement and also to make it more compatible with backstage LoggerService.

@christoph-jerolimov christoph-jerolimov force-pushed the do-not-log-full-error-objects branch from 779efe8 to 915e150 Compare November 16, 2023 14:34
@sonarqubecloud SonarQubeCloud
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
17.1% 17.1% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

@kadel kadel mentioned this pull request Nov 16, 2023
Closed
@kadel
Copy link
Member

kadel commented Nov 16, 2023

Please don't forget to update aap and ocm plugins in showcase repo after this is merged.

tumido
tumido approved these changes Nov 20, 2023
View reviewed changes
Copy link
Member

@tumido tumido left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

invincibleJai
invincibleJai approved these changes Nov 20, 2023
View reviewed changes
Copy link
Member

@invincibleJai invincibleJai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@invincibleJai invincibleJai merged commit 7a5e7b8 into janus-idp:main Nov 20, 2023
4 of 5 checks passed
@christoph-jerolimov christoph-jerolimov deleted the do-not-log-full-error-objects branch November 20, 2023 15:30
@christoph-jerolimov christoph-jerolimov mentioned this pull request Nov 20, 2023
Merged
5 tasks
@christoph-jerolimov christoph-jerolimov self-assigned this Jan 8, 2024
This was referenced Oct 17, 2024
Closed
Closed
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tumido tumido tumido approved these changes

@invincibleJai invincibleJai invincibleJai approved these changes

@gorkem gorkem Awaiting requested review from gorkem

@AndrienkoAleksandr AndrienkoAleksandr Awaiting requested review from AndrienkoAleksandr AndrienkoAleksandr is a code owner

@PatAKnight PatAKnight Awaiting requested review from PatAKnight PatAKnight is a code owner

@fmenesesg fmenesesg Awaiting requested review from fmenesesg fmenesesg is a code owner

@schultzp2020 schultzp2020 Awaiting requested review from schultzp2020

Assignees

@christoph-jerolimov christoph-jerolimov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@christoph-jerolimov @kadel @invincibleJai @tumido