Skip to content

Potential fix for code scanning alert no. 3: Clear-text logging of sensitive information #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Mar 13, 2025
Merged

Potential fix for code scanning alert no. 3: Clear-text logging of sensitive information #77

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5284007
Potential fix for code scanning alert no. 3: Clear-text logging of se…
krishnprakash Mar 13, 2025
4368026
Delete public/cloudflare-one/static/authenticated-doh.py
krishnprakash Mar 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions public/cloudflare-one/static/authenticated-doh.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,8 +146,7 @@
if client_id == "new":
service_token_name = input('Please input name for service token > ')
client_id, client_secret = request_create_service_token(service_token_name)
print(
f"Created service token with client_id {client_id} and client_secret {client_secret}. You may want to save these secrets.")
print(f"Created service token with client_id {client_id}. Please save the client_id and client_secret securely.")

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.

Copilot Autofix

AI 9 months ago

To fix the problem, we need to ensure that sensitive information such as client_id and client_secret is not logged in clear text. Instead, we can log a generic message indicating that a service token was created without including the sensitive details. This way, we maintain the functionality of informing the user about the creation of the service token without exposing sensitive information.

We will modify the code in public/cloudflare-one/static/authenticated-doh.py to remove the sensitive information from the log message on line 149.

Suggested changeset 1
public/cloudflare-one/static/authenticated-doh.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/public/cloudflare-one/static/authenticated-doh.py b/public/cloudflare-one/static/authenticated-doh.py
--- a/public/cloudflare-one/static/authenticated-doh.py
+++ b/public/cloudflare-one/static/authenticated-doh.py
@@ -148,3 +148,3 @@
     client_id, client_secret = request_create_service_token(service_token_name)
-    print(f"Created service token with client_id {client_id}. Please save the client_id and client_secret securely.")
+    print("Created service token. Please save the client_id and client_secret securely.")
 
EOF
@@ -148,3 +148,3 @@
client_id, client_secret = request_create_service_token(service_token_name)
print(f"Created service token with client_id {client_id}. Please save the client_id and client_secret securely.")
print("Created service token. Please save the client_id and client_secret securely.")

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated


if len(client_secret) == 0:
Expand Down