Fixed security issues in the logging and redundant test cases

Signed-off-by: Jitesh Nair <jiteshnair@ibm.com>

Author: ja8zyjits

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline|package-lock.json|Cargo.lock|scripts/sign_image.sh|scripts/zap|sonar-project.properties|uv.lock|go.sum|mcpgateway/sri_hashes.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2026-04-14T15:58:17Z",
+  "generated_at": "2026-04-14T21:47:51Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -4876,23 +4876,23 @@
         "hashed_secret": "f2b14f68eb995facb3a1c35287b778d5bd785511",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 175,
+        "line_number": 176,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "1073ab6cda4b991cd29f9e83a307f34004ae9327",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 181,
+        "line_number": 182,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d4fe581561f18ee5006254a7e53f53cbed780bc2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 268,
+        "line_number": 269,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -8698,63 +8698,63 @@
         "hashed_secret": "99834bc4eff3f1e1c1e4692d2476b593b501d045",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5738,
+        "line_number": 5711,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "f2b14f68eb995facb3a1c35287b778d5bd785511",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5756,
+        "line_number": 5729,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b8cec023ad982a1355abb9e7c7700e42d7e6fac3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5780,
+        "line_number": 5753,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "0614eb27c6e0d2f4ed9a1cce2a5bcbbbc17aa556",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5844,
+        "line_number": 5817,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "a38fea79a043f0c9a62f851659d459dc3b716ea9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5855,
+        "line_number": 5828,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "a50da1fb101595ac5158f2c9394a65a84061b56c",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5896,
+        "line_number": 5869,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "ed3e0017cb8e4b06a59af1a441f62cbe58d2ef59",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5902,
+        "line_number": 5875,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "9bdc408babb4c5740aa9ee42e65b9308bd01f5f9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 7025,
+        "line_number": 6998,
         "type": "Secret Keyword",
         "verified_result": null
       }

mcpgateway/middleware/request_logging_middleware.py

@@ -63,6 +63,7 @@
 # First-Party
 from mcpgateway.auth import get_current_user
 from mcpgateway.config import settings
+from mcpgateway.common.validators import SecurityValidator
 from mcpgateway.middleware.path_filter import should_skip_request_logging
 from mcpgateway.services.logging_service import LoggingService
 from mcpgateway.services.structured_logger import get_structured_logger
@@ -299,8 +300,8 @@ def _mask_json_payload_for_logging(payload: bytes, max_depth: int = 10) -> str:
                 if isinstance(masked_payload, bytes):
                     return masked_payload.decode("utf-8", errors="ignore")
                 return str(masked_payload)
-            except Exception:
-                logger.exception("Failed in processing the payload")
+            except Exception as exc:
+                logger.warning("Failed in processing the payload %s", SecurityValidator.sanitize_log_message(str(exc)))
 
     json_payload = orjson.loads(payload)
     payload_to_log = mask_sensitive_data(json_payload, max_depth)

mcpgateway/services/tool_service.py

@@ -1298,7 +1298,7 @@ def _extract_and_validate_structured_content(self, tool: DbTool, tool_result: "T
             # Reference: https://modelcontextprotocol.io/specification/2025-11-25/server/tools#error-handling
             is_error = getattr(tool_result, "is_error", False) or getattr(tool_result, "isError", False)
             if is_error:
-                logger.debug(f"Skipping output schema validation for error response from tool {getattr(tool, 'name', '<unknown>')}")
+                logger.debug(f"Skipping output schema validation for error response from tool {SecurityValidator.sanitize_log_message(getattr(tool, 'name', '<unknown>'))}")
                 return True
 
             output_schema = getattr(tool, "output_schema", None)

tests/unit/mcpgateway/services/test_tool_service_coverage.py

@@ -3546,6 +3546,39 @@ async def test_team_name_conflict(self, tool_service):
         tool.tags = []
         tool.team_id = "team-1"
 
+        existing = MagicMock()
+        existing.name = "my_tool"
+        existing.enabled = True
+        existing.id = "existing-id"
+        existing.visibility = "team"
+
+        db = MagicMock()
+        db.execute = MagicMock(return_value=MagicMock(scalar_one_or_none=MagicMock(return_value=existing)))
+
+        with pytest.raises(ToolNameConflictError):
+            await tool_service.register_tool(db, tool, visibility="team", team_id="team-1", owner_email="user@test.com")
+
+    @pytest.mark.asyncio
+    async def test_defaults_visibility_from_tool_object(self, tool_service):
+        """When visibility is None, defaults from tool.visibility then checks name conflict."""
+        tool = MagicMock()
+        tool.name = "dup_tool_defaults"
+        tool.team_id = "team-99"
+        tool.owner_email = "default@test.com"
+        tool.visibility = "team"  # will be used as default since visibility=None
+
+        existing = MagicMock()
+        existing.name = "dup_tool_defaults"
+        existing.enabled = True
+        existing.id = "existing-id"
+        existing.visibility = "team"
+
+        db = MagicMock()
+        db.execute = MagicMock(return_value=MagicMock(scalar_one_or_none=MagicMock(return_value=existing)))
+
+        # visibility=None => uses tool.visibility="team", team_id defaults from tool.team_id
+        with pytest.raises(ToolNameConflictError):
+            await tool_service.register_tool(db, tool, visibility=None, owner_email=None)
 
     def test_skip_validation_for_error_response_is_error(self, tool_service):
         """Skip output schema validation when is_error=True per MCP spec."""
@@ -3646,66 +3679,6 @@ def test_validate_success_response_fails_validation(self, tool_service):
         assert "recognitionId" in tool_result.content[0].text or "required" in tool_result.content[0].text.lower()
 
 
-# ---------------------------------------------------------------------------
-# register_tool — team name conflict (lines 1075-1078) + defaults (1059-1062)
-# ---------------------------------------------------------------------------
-
-
-class TestRegisterToolBranches:
-    @pytest.mark.asyncio
-    async def test_team_name_conflict(self, tool_service):
-        """Raises ToolNameConflictError when team tool with same name exists."""
-        tool = MagicMock()
-        tool.name = "my_tool"
-        tool.displayName = "My Tool"
-        tool.url = "http://example.com"
-        tool.description = "desc"
-        tool.integration_type = "REST"
-        tool.request_type = "GET"
-        tool.headers = {}
-        tool.input_schema = {}
-        tool.output_schema = None
-        tool.annotations = {}
-        tool.jsonpath_filter = None
-        tool.auth = None
-        tool.tags = []
-        tool.team_id = "team-1"
-
-        existing = MagicMock()
-        existing.name = "my_tool"
-        existing.enabled = True
-        existing.id = "existing-id"
-        existing.visibility = "team"
-
-        db = MagicMock()
-        db.execute = MagicMock(return_value=MagicMock(scalar_one_or_none=MagicMock(return_value=existing)))
-
-        with pytest.raises(ToolNameConflictError):
-            await tool_service.register_tool(db, tool, visibility="team", team_id="team-1", owner_email="user@test.com")
-
-    @pytest.mark.asyncio
-    async def test_defaults_visibility_from_tool_object(self, tool_service):
-        """When visibility is None, defaults from tool.visibility then checks name conflict."""
-        tool = MagicMock()
-        tool.name = "dup_tool_defaults"
-        tool.team_id = "team-99"
-        tool.owner_email = "default@test.com"
-        tool.visibility = "team"  # will be used as default since visibility=None
-
-        existing = MagicMock()
-        existing.name = "dup_tool_defaults"
-        existing.enabled = True
-        existing.id = "existing-id"
-        existing.visibility = "team"
-
-        db = MagicMock()
-        db.execute = MagicMock(return_value=MagicMock(scalar_one_or_none=MagicMock(return_value=existing)))
-
-        # visibility=None => uses tool.visibility="team", team_id defaults from tool.team_id
-        with pytest.raises(ToolNameConflictError):
-            await tool_service.register_tool(db, tool, visibility=None, owner_email=None)
-
-
 # ---------------------------------------------------------------------------
 # _process_chunk — fail status + audit + exception (lines 1432-1434, 1449-1465)
 # ---------------------------------------------------------------------------