Skip to content

Commit 15a667d

Browse files
authored
fix: resolve CodeQL go/clear-text-logging in aliyun signer (#641)
Replace debug logs that printed signed URLs and HMAC signatures with generic success messages to avoid logging sensitive data. Resolves NR-560142.
1 parent a77a173 commit 15a667d

2 files changed

Lines changed: 3 additions & 4 deletions

File tree

internal/aliyun/signer.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ func (s *Signer) Sign(r *http.Request) (string, error) {
5252
paramsToSign.Add("Signature", signature)
5353

5454
signedURL = r.URL.Scheme + "://" + r.URL.Host + r.URL.Path + "?" + paramsToSign.Encode()
55-
load.Logrus.Debugf("Aliyun Signer: SignedUrl: %v ", signedURL)
55+
load.Logrus.Debug("Aliyun Signer: URL signed successfully")
5656
return signedURL, nil
5757
}
5858

@@ -71,8 +71,7 @@ func ShaHmac1(source, secret string) string {
7171
signedBytes := hmac.Sum(nil)
7272
signedString := base64.StdEncoding.EncodeToString(signedBytes)
7373

74-
load.Logrus.Debugf("Aliyun Signer: String to sign: %v", source)
75-
load.Logrus.Debugf("Aliyun Signer: Signature: %v", signedString)
74+
load.Logrus.Debug("Aliyun Signer: HMAC signature computed successfully")
7675

7776
return signedString
7877
}

internal/runtime/flex.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,7 @@ func logEncryptPass() error {
159159
return err
160160
}
161161
log.Infof(" encrypt_pass: %s", cleartext)
162-
log.Infof(" pass_phrase: %s", load.Args.PassPhrase)
162+
log.Info(" pass_phrase: [REDACTED]")
163163
log.Infof(" encrypted pass: %x", cipherText)
164164

165165
return nil

0 commit comments

Comments
 (0)