fix: remove sensitive information from logs (#9)

- Remove secret name from Cognito credential retrieval logs
- Remove URL from HTTP request logs to avoid exposing query parameters

Fixes CodeQL alerts #1, #4, #18

Author: jimini55

packages/agentcore-agents/hotel-booking-agent/common/cognito_token_manager.py

@@ -34,7 +34,7 @@ def _get_cognito_credentials(self) -> dict[str, str]:
         """
         try:
             if self._cached_credentials is None:
-                logger.info(f"Retrieving Cognito credentials from secret: {self.secret_name}")
+                logger.info("Retrieving Cognito credentials from Secrets Manager")
 
                 secret_value = self.secrets_client.get_secret_value(SecretId=self.secret_name)
                 self._cached_credentials = json.loads(secret_value["SecretString"])

packages/agentcore-mcp-servers/hotel-booking/common/cognito_token_manager.py

@@ -34,7 +34,7 @@ def _get_cognito_credentials(self) -> dict[str, str]:
         """
         try:
             if self._cached_credentials is None:
-                logger.info(f"Retrieving Cognito credentials from secret: {self.secret_name}")
+                logger.info("Retrieving Cognito credentials from Secrets Manager")
 
                 secret_value = self.secrets_client.get_secret_value(SecretId=self.secret_name)
                 self._cached_credentials = json.loads(secret_value["SecretString"])

packages/agentcore-mcp-servers/hotel-booking/common/hotel_booking_support.py

@@ -69,7 +69,7 @@ def _make_api_request(
             APIError: If the request fails
         """
         try:
-            logger.info(f"Making {method} request to {url}")
+            logger.info(f"Making {method} request")
 
             # Prepare the request body
             body = None