Fix: Prevent sensitive data from leaking into logs#260
Open
taheerahmed wants to merge 1 commit intoe2b-dev:mainfrom
Open
Fix: Prevent sensitive data from leaking into logs#260taheerahmed wants to merge 1 commit intoe2b-dev:mainfrom
taheerahmed wants to merge 1 commit intoe2b-dev:mainfrom
Conversation
- Replace full auth code with hasCode boolean in callback error log, consistent with the request log at line 23 of the same file - Add access_token and signatureSecret to pino redaction paths at all nesting levels. These were missed because pino uses exact field name matching: accessToken does not match access_token, and secret does not match signatureSecret. Closes e2b-dev#259
|
@taheerahmed is attempting to deploy a commit to the E2B Team on Vercel. A member of the Team first needs to authorize it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two fixes to prevent sensitive data from appearing in application logs.
Changes
1. Auth code removed from callback error log
File:
src/app/api/auth/callback/route.ts(line 42)context: { - code, + hasCode: !!code, origin, returnTo, redirectTo, },The full auth code was logged when
exchangeCodeForSessionfailed. Changed to a boolean, consistent with how the same route already logs it at line 23:2. Missing fields added to pino redaction paths
File:
src/lib/clients/logger/logger.ts(lines 54-76)Added
access_tokenandsignatureSecretat all 3 nesting levels.Why these were missed: Pino redaction uses exact field name matching, not substring matching. The existing paths did not cover these because:
accessToken{ accessToken: "..." }{ access_token: "..." }*.secret{ input: { secret: "..." } }{ input: { signatureSecret: "..." } }Supabase sessions use
access_token(snake_case), and webhook actions usesignatureSecret— both bypassed the existing redaction config.What this does NOT change
The
clientInputlogging insrc/lib/clients/action.ts:80still logs full action inputs, but the newly added redaction paths now coversignatureSecretflowing through it. Whether to remove or allowlistclientInputlogging entirely is a broader design decision best left to the maintainers.Closes #259