add prompts and tables to main log #2827

Closed
felipemadero wants to merge 1 commit into main from add-prompts-and-tables-to-log

@felipemadero
Collaborator

Why this should be merged

Currently, prompt options and tables are not included in the main log, which makes it difficult
to fully check what were the inputs and the processing results.

How this works

How this was tested

How is this documented

fmt.Fprint(ul.Writer, msg)
ul.log.Info(msg)
fmt.Fprint(ul.Writer, s)
ul.log.Info(strings.TrimSpace(s))
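
Review bot: `ul.log.Info(strings.TrimSpace(s))` sends the same formatted string `s` that is written to `ul.Writer` into the main log, so every caller of this print path now also writes its arguments to the log. Callers that print key material need either a print variant that skips the log or redaction of the arguments before formatting. A doc comment on the function stating that its output is also logged would make that contract visible to callers.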

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKey
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to remainingSubnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKey
flows to a logging call.

Copilot Autofix

AI 9 months ago

To fix the issue, sensitive data (subnetAuthKeys) should be obfuscated or omitted entirely before being logged. This can be achieved by replacing the logging of subnetAuthKeys with a sanitized or masked version of the data. For example, sensitive keys can be replaced with a hash or a truncated version that does not reveal the full key.

The changes will be made in both cmd/blockchaincmd/change_owner.go and pkg/ux/output.go:

  1. In cmd/blockchaincmd/change_owner.go, sanitize or mask subnetAuthKeys before passing it to ux.Logger.PrintToUser.
  2. In pkg/ux/output.go, ensure that the PrintToUser method does not log sensitive data in clear text.
Suggested changeset 2
pkg/ux/output.go

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/ux/output.go b/pkg/ux/output.go
--- a/pkg/ux/output.go
+++ b/pkg/ux/output.go
@@ -58,3 +58,3 @@
 		fmt.Fprint(ul.Writer, s)
-		ul.log.Info(strings.TrimSpace(s))
+		ul.log.Info(strings.TrimSpace(utils.SanitizeLogMessage(s)))
 	} else {
EOF
@@ -58,3 +58,3 @@
fmt.Fprint(ul.Writer, s)
ul.log.Info(strings.TrimSpace(s))
ul.log.Info(strings.TrimSpace(utils.SanitizeLogMessage(s)))
} else {
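
Review bot: `utils.SanitizeLogMessage` on the added line is not defined in either patch shown here, and the visible hunk shows no import for `utils`, so the suggestion cannot be verified as it stands. Sanitizing the already formatted string `s` also requires the helper to recognise key values by pattern inside free text. Redacting the arguments at the call site, before they are formatted, is more reliable and keeps `fmt.Fprint(ul.Writer, s)` and the log entry consistent.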
cmd/blockchaincmd/change_owner.go
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/cmd/blockchaincmd/change_owner.go b/cmd/blockchaincmd/change_owner.go
--- a/cmd/blockchaincmd/change_owner.go
+++ b/cmd/blockchaincmd/change_owner.go
@@ -123,3 +123,4 @@
 	}
-	ux.Logger.PrintToUser("Your auth keys for add validator tx creation: %s", subnetAuthKeys)
+	maskedKeys := utils.MaskSensitiveKeys(subnetAuthKeys)
+	ux.Logger.PrintToUser("Your auth keys for add validator tx creation: %s", maskedKeys)
 
EOF
@@ -123,3 +123,4 @@
}
ux.Logger.PrintToUser("Your auth keys for add validator tx creation: %s", subnetAuthKeys)
maskedKeys := utils.MaskSensitiveKeys(subnetAuthKeys)
ux.Logger.PrintToUser("Your auth keys for add validator tx creation: %s", maskedKeys)
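
Review bot: `utils.MaskSensitiveKeys` is not defined in the patch, and because `maskedKeys` is what gets passed to `PrintToUser`, the user's terminal output is masked as well, not only the log entry. The alert also lists flows from `subnetAuthKey` and `remainingSubnetAuthKeys`, while this hunk changes a single call site, so the remaining flows would still be reported after applying it.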

Copilot is powered by AI and may make mistakes. Always verify output.
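
The masking approach described in the Autofix comment above, as an added example that is not part of this pull request or the project's code. `MaskedKey`, `MaskKeys` and `LogLine` are hypothetical names, the sample key values are constructed, and the values are assumed to need treatment as sensitive.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// MaskedKey is a hypothetical wrapper (not part of the project). It implements
// fmt.Formatter, so %s, %v, %+v and %q all print the masked form.
type MaskedKey string

// Mask returns a short prefix plus a truncated SHA-256 fingerprint, so log
// lines can be matched to a key. Values of 16 bytes or fewer get no prefix.
func (k MaskedKey) Mask() string {
	if k == "" {
		return "<empty>"
	}
	sum := sha256.Sum256([]byte(k))
	fp := hex.EncodeToString(sum[:4])
	if len(k) <= 16 {
		return "***(sha256:" + fp + ")"
	}
	return string(k[:4]) + "***(sha256:" + fp + ")"
}

// Format routes every fmt verb through Mask.
func (k MaskedKey) Format(f fmt.State, _ rune) {
	fmt.Fprint(f, k.Mask())
}

// MaskKeys converts raw strings once, where they enter logging code.
func MaskKeys(raw []string) []MaskedKey {
	out := make([]MaskedKey, len(raw))
	for i, r := range raw {
		out[i] = MaskedKey(r)
	}
	return out
}

// LogLine builds the message from the page with masked arguments.
func LogLine(raw []string) string {
	return fmt.Sprintf("Your auth keys for add validator tx creation: %s", MaskKeys(raw))
}

func main() {
	keys := []string{"constructed-key-aaaaaaaaaaaaaaaa", "short"} // constructed sample values
	fmt.Println(LogLine(keys))
}
```

A fingerprint of a low-entropy value can be recovered by hashing candidate values, so for such inputs a keyed HMAC or full omission is the safer choice.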
ul.log.Info(strings.TrimSpace(s))
} else {
fmt.Print(msg)
fmt.Print(s)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKey
flows to a logging call.
Sensitive data returned by an access to subnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to remainingSubnetAuthKeys
flows to a logging call.
Sensitive data returned by an access to subnetAuthKey
flows to a logging call.