Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Potential fix for code scanning alert no. 11: Clear-text logging of sensitive information #1280

Closed
wants to merge 1 commit into from
Closed

chore: Potential fix for code scanning alert no. 11: Clear-text logging of sensitive information #1280

wants to merge 1 commit into from

Conversation

morri-son
Copy link
Contributor

Potential fix for https://github.com/open-component-model/ocm/security/code-scanning/11

To fix the problem, we should avoid logging sensitive information directly. Instead, we can log non-sensitive metadata or obfuscate the sensitive parts. In this case, we can remove the logging of the sub variable or replace it with a less sensitive representation.

  • Remove or obfuscate the logging of the sub variable in the catchedMatch function.
  • Ensure that no sensitive information is logged in clear text.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@morri-son @github-advanced-security
Potential fix for code scanning alert no. 11: Clear-text logging of s…
fcefb20 
…ensitive information

Copilot proposal for https://github.com/open-component-model/ocm/security/code-scanning/11

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@github-actions github-actions bot added the size/xs Extra small label Feb 4, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 4, 2025

Mend Scan Summary: ❌

Repository: open-component-model/ocm

VIOLATION DESCRIPTION NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES 5
MAJOR UPDATES AVAILABLE 0
LICENSE REQUIRES REVIEW 2
HIGH RISK LICENSES 9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY 0

Detailed Logs: mend-scan-> Generate Report
Mend UI

@morri-son morri-son linked an issue Feb 4, 2025 that may be closed by this pull request
Security issues reported from GH #1281
Closed
@morri-son morri-son added the kind/chore chore, maintenance, etc. label Feb 4, 2025
@morri-son morri-son changed the title Potential fix for code scanning alert no. 11: Clear-text logging of sensitive information chore: Potential fix for code scanning alert no. 11: Clear-text logging of sensitive information Feb 4, 2025
@morri-son morri-son closed this Feb 5, 2025
@morri-son morri-son removed a link to an issue Feb 5, 2025
Security issues reported from GH #1281
Closed
@hilmarf hilmarf deleted the alert-autofix-11 branch February 6, 2025 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
kind/chore chore, maintenance, etc. size/xs Extra small
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@morri-son