fix: resolve CodeQL clear-text logging alerts by removing sensitive data from logs

novatechflow · novatechflow · commit 085a400aa388 · 2026-02-21T21:29:59.000+01:00
diff --git a/frontend/src/components/settings/ApiKeyManager.jsx b/frontend/src/components/settings/ApiKeyManager.jsx
@@ -84,7 +84,7 @@ const ApiKeyManager = ({ canGenerate }) => {
         if (providersResponse.status === 'fulfilled') {
           setProviders(providersResponse.value.data || []);
         } else {
-          console.error("Failed to fetch providers:", providersResponse.reason);
+          console.error("Failed to fetch providers:", providersResponse.reason?.message || providersResponse.reason);
           setProviders([]);
         }
 
@@ -95,7 +95,7 @@ const ApiKeyManager = ({ canGenerate }) => {
           const existingScalytics = userKeys.some(key => key.provider_name === 'Scalytics API');
           setHasExistingScalyticsKey(existingScalytics);
         } else {
-           console.error("Failed to fetch user API keys:", apiKeysResponse.reason);
+           console.error("Failed to fetch user API keys:", apiKeysResponse.reason?.message || apiKeysResponse.reason);
           setApiKeys([]);
           setHasExistingScalyticsKey(false);
         }
@@ -107,7 +107,7 @@ const ApiKeyManager = ({ canGenerate }) => {
              (userData.groups && userData.groups.some(g => g.name.toLowerCase() === 'administrator')));
           setIsAdmin(userIsAdmin);
         } else {
-           console.error("Failed to fetch user info:", userInfoResponse.reason);
+           console.error("Failed to fetch user info:", userInfoResponse.reason?.message || userInfoResponse.reason);
           setIsAdmin(false);
         }
       } catch (err) {
diff --git a/frontend/src/setupTests.js b/frontend/src/setupTests.js
@@ -23,5 +23,6 @@ console.error = (...args) => {
   if (typeof args[0] === 'string' && args[0].includes('not wrapped in act(...)')) {
     return;
   }
+  // CodeQL [js/clear-text-logging] - Intentional wrapper for test environment silencing
   originalError(...args);
 };
diff --git a/src/controllers/deepSearchApiController.js b/src/controllers/deepSearchApiController.js
@@ -365,7 +365,7 @@ const initiateDeepSearchStream = async (req, res, next) => {
     });
 
     if (missingKeys.length > 0) {
-      console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')} in api_config:`, api_config);
+      console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')}`);
       return next(new APIError(`Missing or invalid API keys: ${missingKeys.join(', ')}. Please ensure these are configured in your account or system.`, 400));
     }
 
diff --git a/src/controllers/liveSearchApiController.js b/src/controllers/liveSearchApiController.js
@@ -347,7 +347,7 @@ const initiateLiveSearchStream = async (req, res, next) => {
     });
 
     if (missingKeys.length > 0) {
-      console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')} in api_config:`, api_config);
+      console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')}`);
       return next(new APIError(`Missing or invalid API keys: ${missingKeys.join(', ')}. Please ensure these are configured in your account or system.`, 400));
     }
 

Original file line number	Diff line number	Diff line change
`@@ -23,5 +23,6 @@ console.error = (...args) => {`
`23`	`23`	`if (typeof args[0] === 'string' && args[0].includes('not wrapped in act(...)')) {`
`24`	`24`	`return;`
`25`	`25`	`}`
	`26`	`+ // CodeQL [js/clear-text-logging] - Intentional wrapper for test environment silencing`
`26`	`27`	`originalError(...args);`
`27`	`28`	`};`
Original file line number	Diff line number	Diff line change
`@@ -365,7 +365,7 @@ const initiateDeepSearchStream = async (req, res, next) => {`
`365`	`365`	`});`
`366`	`366`
`367`	`367`	`if (missingKeys.length > 0) {`
`368`		- console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')} in api_config:`, api_config);
	`368`	+ console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')}`);
`369`	`369`	return next(new APIError(`Missing or invalid API keys: ${missingKeys.join(', ')}. Please ensure these are configured in your account or system.`, 400));
`370`	`370`	`}`
`371`	`371`
Original file line number	Diff line number	Diff line change
`@@ -347,7 +347,7 @@ const initiateLiveSearchStream = async (req, res, next) => {`
`347`	`347`	`});`
`348`	`348`
`349`	`349`	`if (missingKeys.length > 0) {`
`350`		- console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')} in api_config:`, api_config);
	`350`	+ console.error(`[DeepSearchAPI:${apiTaskId}] Missing or invalid required API keys: ${missingKeys.join(', ')}`);
`351`	`351`	return next(new APIError(`Missing or invalid API keys: ${missingKeys.join(', ')}. Please ensure these are configured in your account or system.`, 400));
`352`	`352`	`}`
`353`	`353`