
chore: Potential fix for code scanning alert no. 12: Clear-text logging of sensitive information #1279

Closed
wants to merge 1 commit into from

Conversation

morri-son
Contributor

Potential fix for https://github.com/open-component-model/ocm/security/code-scanning/12

To fix the problem, we should avoid logging sensitive information directly. Instead, we can log non-sensitive parts of the sub variable or provide a sanitized version of the information. This can be achieved by implementing a method that returns a sanitized string representation of the ConsumerProvider without including sensitive data.

  • Modify the catchedMatch function in api/credentials/internal/consumers.go to log a sanitized version of the sub variable.
  • Implement a method in the ConsumerProvider interface that returns a sanitized string representation.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
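The approach the description outlines, as an added example that is not OCM project code: a credentials-carrying type gets a sanitized string representation, and that representation is what a log call formats instead of the raw value. The type name consumerProvider, the Sanitized method, the sensitiveKeys list and the sample data are all assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// consumerProvider is a constructed stand-in for a credentials provider; it is
// not the OCM ConsumerProvider type. Identity properties (registry type, host,
// path) are safe to log; credential properties are not.
type consumerProvider struct {
	identity    map[string]string
	credentials map[string]string
}

// sensitiveKeys names the credential properties whose values must never
// appear in a log line. The list is an assumption for this example.
var sensitiveKeys = map[string]bool{
	"password":   true,
	"token":      true,
	"secret":     true,
	"privateKey": true,
}

// Sanitized renders the provider for logging: identity in full, credential
// keys by name only, and sensitive credential values replaced by "***".
func (p consumerProvider) Sanitized() string {
	return "identity{" + renderMap(p.identity, false) +
		"} credentials{" + renderMap(p.credentials, true) + "}"
}

// String implements fmt.Stringer, so %v and %s (and therefore most logging
// helpers that format values with fmt) route through Sanitized; a log call
// that passes the struct directly can no longer emit the raw password.
func (p consumerProvider) String() string { return p.Sanitized() }

// renderMap emits "k=v" pairs in sorted key order so output is stable; with
// redact set, values of sensitive keys are masked.
func renderMap(m map[string]string, redact bool) string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		v := m[k]
		if redact && sensitiveKeys[k] {
			v = "***"
		}
		parts = append(parts, k+"="+v)
	}
	return strings.Join(parts, ",")
}

// exampleProvider builds constructed sample data for the demonstration.
func exampleProvider() consumerProvider {
	return consumerProvider{
		identity:    map[string]string{"type": "OCIRegistry", "hostname": "ghcr.io"},
		credentials: map[string]string{"username": "bob", "password": "s3cr3t"},
	}
}

// logLine mirrors the shape of a "matched consumer" log message: it formats
// the provider into text. Because the type implements Stringer, the secret
// never reaches the string.
func logLine(p consumerProvider) string {
	return fmt.Sprintf("consumer matched: %v", p)
}

func main() {
	fmt.Println(logLine(exampleProvider()))
}
```

Two caveats when applying this pattern: fmt's %#v verb and structured loggers that walk struct fields or marshal values to JSON do not call String(), so for those either pass Sanitized() explicitly or implement the logger's own value interface (slog.LogValuer for log/slog); and a redaction keyed on property names only protects values whose keys are on the list, so the list has to be maintained alongside the credential types the code accepts.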

…ensitive information

Copilot proposal for https://github.com/open-component-model/ocm/security/code-scanning/12

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@github-actions github-actions bot added the size/s Small label Feb 4, 2025
Contributor

github-actions bot commented Feb 4, 2025

Mend Scan Summary: ❌

Repository: open-component-model/ocm

VIOLATION DESCRIPTION                              NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES             5
MAJOR UPDATES AVAILABLE                            0
LICENSE REQUIRES REVIEW                            3
HIGH RISK LICENSES                                 9
RESTRICTED LICENSE FOR ON-PREMISE DELIVERY         0

Detailed logs: mend-scan -> Generate Report; Mend UI

@morri-son morri-son linked an issue Feb 4, 2025 that may be closed by this pull request
@morri-son morri-son added the kind/chore chore, maintenance, etc. label Feb 4, 2025
@morri-son morri-son changed the title Potential fix for code scanning alert no. 12: Clear-text logging of sensitive information chore: Potential fix for code scanning alert no. 12: Clear-text logging of sensitive information Feb 4, 2025
@morri-son morri-son closed this Feb 4, 2025
@morri-son morri-son reopened this Feb 4, 2025
@morri-son morri-son closed this Feb 5, 2025
@hilmarf hilmarf deleted the alert-autofix-12 branch February 6, 2025 09:48
Labels
kind/chore chore, maintenance, etc. size/s Small