fix: remove DATABASE_USER from log messages to avoid sensitive data exposure#1200

Open

ruanxin wants to merge 2 commits into kyma-project:main from ruanxin:fix/sensitive-data-in-logs

Conversation

@ruanxin

@ruanxin ruanxin commented Jun 2, 2026

Contributor

Summary

  • Remove DATABASE_USER credential value from log messages in doc_indexer/src/main.py
  • Replace f"No tables found for user {DATABASE_USER}." and f"HANA tables for user {DATABASE_USER}:..." with generic messages that don't expose credential values

Addresses Checkmarx SAST finding (severity: LOW):

  • Filtering_Sensitive_Logs in doc_indexer/src/main.py (line 109)

Test plan

  • Verify existing unit tests still pass
  • Confirm log output no longer contains the database username

…xposure

DATABASE_USER is a credential value and must not appear in log output.
Replace log lines that interpolate it with generic messages.

Addresses Checkmarx SAST finding:
- Filtering_Sensitive_Logs in doc_indexer/src/main.py (line 109)
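As an added example (not code from this PR or the kyma-project repository), a Python logging filter that scrubs configured credential values out of records before a handler emits them, plus a check of the kind the test plan calls for ("log output no longer contains the database username"). The credential values and the logger name are constructed for the demo.

```python
import logging
import re

# Constructed sample credentials for the demo; not values from the project.
DATABASE_USER = "doc_indexer_svc"
DATABASE_PASSWORD = "p4ss.word-example"


class SecretRedactingFilter(logging.Filter):
    """Scrub known secret values out of every record before a handler emits it.

    The primary control is the PR's own fix (never interpolate credentials);
    this filter is a safety net for values that still reach the logger.
    """

    def __init__(self, secrets, placeholder="[REDACTED]"):
        super().__init__()
        # Longest value first, so a secret containing another is scrubbed whole.
        values = sorted({s for s in secrets if s}, key=len, reverse=True)
        self._pattern = re.compile("|".join(map(re.escape, values))) if values else None
        self._placeholder = placeholder

    def filter(self, record):
        if self._pattern is not None:
            # Render %-style args first so the scrub sees the final text.
            record.msg = self._pattern.sub(self._placeholder, record.getMessage())
            record.args = ()
        return True  # keep the record; only its text changes


def redact(message, secrets):
    """Return the text a handler would see for one message after the filter."""
    record = logging.LogRecord("doc_indexer", logging.INFO, __file__, 0, message, (), None)
    SecretRedactingFilter(secrets).filter(record)
    return record.getMessage()


def leaks_secret(message, secrets):
    """True if any secret value appears verbatim; usable as a unit-test check."""
    return any(s and s in message for s in secrets)


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    logger = logging.getLogger("doc_indexer")
    logger.addFilter(SecretRedactingFilter([DATABASE_USER, DATABASE_PASSWORD]))
    logger.info(f"No tables found for user {DATABASE_USER}.")  # old style: scrubbed
    logger.info("No tables found.")                            # PR's new message: unchanged
```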
@hyperspace-insights

Contributor

Summary

The following content is AI-generated and provides a summary of the pull request:


Fix: Remove DATABASE_USER from Log Messages to Prevent Sensitive Data Exposure

Bug Fix

🐛 Removed the DATABASE_USER credential value from log messages in doc_indexer/src/main.py to prevent sensitive data exposure. This addresses a Checkmarx SAST finding (Filtering_Sensitive_Logs, severity: LOW).

Changes

  • doc_indexer/src/main.py: Replaced two log messages that included the DATABASE_USER value with generic equivalents:
    • f"No tables found for user {DATABASE_USER}." -> "No tables found."
    • f"HANA tables for user {DATABASE_USER}:\n{header}\n{separator}" -> f"HANA tables:\n{header}\n{separator}"

PR Bot Information

Version: 1.21.1

  • File Content Strategy: Full file content
  • Summary Prompt: Default Prompt
  • Correlation ID: bb219aed-ae01-4bf5-a3db-587085b29c7f
  • Output Template: Default Template
  • LLM: anthropic--claude-4.6-sonnet
  • Event Trigger: pull_request.opened

@hyperspace-insights hyperspace-insights Bot left a comment

Contributor


The changes look correct and focused. The PR removes DATABASE_USER from two log messages. Let me check the broader file for any remaining sensitive data in log messages to see if the fix is complete.

The fix is complete — no other log messages in the file reference DATABASE_USER, DATABASE_PASSWORD, or other credentials. The two changed lines are the only places where DATABASE_USER appeared in log output.

The changes are minimal, correct, and directly address the stated security finding. Both modified log messages convey the same operational meaning without exposing the database username. No issues to flag.


This is a clean, focused fix that correctly removes credential values from log output to address the Checkmarx SAST finding. No additional issues were found in the changed code.

PR Bot Information

Version: 1.21.1

@tanweersalah tanweersalah left a comment

Contributor


lgtm
