From 6caffa589941ef063ba27546d0d7197d5fb97587 Mon Sep 17 00:00:00 2001 From: Ilya Danilov Date: Tue, 23 Dec 2025 16:28:32 +0300 Subject: [PATCH] hotfix: hide password from logs --- notifier/pkg/service/integration_logging.go | 27 +++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/notifier/pkg/service/integration_logging.go b/notifier/pkg/service/integration_logging.go index 244b3ffb..d182667f 100644 --- a/notifier/pkg/service/integration_logging.go +++ b/notifier/pkg/service/integration_logging.go @@ -7,6 +7,7 @@ import ( "github.com/rs/zerolog/log" "github.com/runtime-radar/runtime-radar/lib/server/interceptor" "github.com/runtime-radar/runtime-radar/notifier/api" + "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/emptypb" ) @@ -20,7 +21,7 @@ func (il *IntegrationLogging) Create(ctx context.Context, req *api.Integration) log.Err(err).Str("delay", time.Since(t0).String()). Bool("audit", true). - Interface("args", req). + Interface("args", hidePassword(req)). Interface("result", resp). Stringer("correlation_id", corrID). Msg("Called IntegrationControllerServer.Create") @@ -51,7 +52,7 @@ func (il *IntegrationLogging) Update(ctx context.Context, req *api.Integration) log.Err(err).Str("delay", time.Since(t0).String()). Bool("audit", true). - Interface("args", req). + Interface("args", hidePassword(req)). Interface("result", resp). Stringer("correlation_id", corrID). Msg("Called IntegrationControllerServer.Update") @@ -91,3 +92,25 @@ func (il *IntegrationLogging) List(ctx context.Context, req *api.ListIntegration resp, err = il.IntegrationControllerServer.List(ctx, req) return } + +func hidePassword(req *api.Integration) *api.Integration { + if req == nil { + return nil + } + + clone, ok := proto.Clone(req).(*api.Integration) + if !ok { + return req + } + + const mask = "********" + if email := clone.GetEmail(); email != nil { + email.Password = mask + } + + if webhook := clone.GetWebhook(); webhook != nil { + webhook.Password = mask + } + + return clone +}