[TT-15354]: Improve logging in JWT Middleware #7528
Merged
probelabs / Visor: security
succeeded
Nov 12, 2025 in 3m 56s
✅ Check Passed (Warnings Found)
security check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🐛 Issues by Category
🔐 Security (1)
⚠️ gateway/mw_jwt.go:988 - The log level for an error that could potentially contain sensitive data has been elevated from `Debug` to `Warn`. The error originates from a function that unmarshals an `OauthClient` object, which contains a `ClientSecret`. If the stored client data is malformed, the JSON unmarshal error could include fragments of sensitive data. Logging this at the `Warn` level increases the risk of exposing this data in production logs.
Annotations
Check warning on line 989 in gateway/mw_jwt.go
probelabs / Visor: security
security Issue
The log level for an error that could potentially contain sensitive data has been elevated from `Debug` to `Warn`. The error originates from a function that unmarshals an `OauthClient` object, which contains a `ClientSecret`. If the stored client data is malformed, the JSON unmarshal error could include fragments of sensitive data. Logging this at the `Warn` level increases the risk of exposing this data in production logs.
Raw output
To mitigate the risk of leaking sensitive data, log a generic warning message without the raw error object. The detailed error can remain at the `Debug` level for troubleshooting purposes, which is less likely to be enabled in production environments.