
fix: logger with more masking of sensitive data (#2470)

* fix: more logger sensitive masking

* fix: test_config.py updated for more sensitive patterns

* added one more...
tobitege hace 1 año
padre
commit
d2509a19c8
Se han modificado 4 ficheros con 17 adiciones y 1 borrados
  1. 6 1
      opendevin/core/config.py
  2. 4 0
      opendevin/core/logger.py
  3. 6 0
      tests/unit/test_config.py
  4. 1 0
      tests/unit/test_logging.py

+ 6 - 1
opendevin/core/config.py

@@ -224,7 +224,12 @@ class AppConfig(metaclass=Singleton):
             attr_name = f.name
             attr_value = getattr(self, f.name)
 
-            if attr_name in ['e2b_api_key', 'github_token']:
+            if attr_name in [
+                'e2b_api_key',
+                'github_token',
+                'jwt_secret',
+                'ssh_password',
+            ]:
                 attr_value = '******' if attr_value else None
 
             attr_str.append(f'{attr_name}={repr(attr_value)}')
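Review bot: The list of masked attribute names is a literal inside the loop and is repeated in `SensitiveDataFilter` in opendevin/core/logger.py, where this commit adds the same two names, so the two lists have to be kept in step by hand. A name that reaches one list but not the other would be masked in `repr`/`str` and still printed in logs, or the reverse. Consider one module-level constant that both places read, for example `SENSITIVE_ATTRS = ('e2b_api_key', 'github_token', 'jwt_secret', 'ssh_password')` (the name is only a suggestion), with `if attr_name in SENSITIVE_ATTRS:` here. The enclosing method starts and ends outside the hunk.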

+ 4 - 0
opendevin/core/logger.py

@@ -81,6 +81,8 @@ class SensitiveDataFilter(logging.Filter):
             'aws_secret_access_key',
             'e2b_api_key',
             'github_token',
+            'jwt_secret',
+            'ssh_password',
         ]
 
         # add env var names
@@ -88,7 +90,9 @@ class SensitiveDataFilter(logging.Filter):
         sensitive_patterns.extend(env_vars)
 
         # and some special cases
+        sensitive_patterns.append('JWT_SECRET')
         sensitive_patterns.append('LLM_API_KEY')
+        sensitive_patterns.append('GITHUB_TOKEN')
         sensitive_patterns.append('SANDBOX_ENV_GITHUB_TOKEN')
 
         # this also formats the message with % args
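Review bot: `SSH_PASSWORD` is not among the upper-case special cases, although `JWT_SECRET` and `GITHUB_TOKEN` are now appended explicitly and `ssh_password` was added to the lower-case list in the previous hunk. How `env_vars` is built is outside the hunk: if it is already derived by upper-casing that list, the two new appends are redundant and could be dropped, and if it is not, `sensitive_patterns.append('SSH_PASSWORD')` is missing. Either way, a short comment saying why these names need a special case would make the intent clear.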

+ 6 - 0
tests/unit/test_config.py

@@ -315,9 +315,15 @@ def test_api_keys_repr_str():
         llm=llm_config,
         agent=agent_config,
         e2b_api_key='my_e2b_api_key',
+        jwt_secret='my_jwt_secret',
+        ssh_password='my_ssh_password',
     )
     assert "e2b_api_key='******'" in repr(app_config)
     assert "e2b_api_key='******'" in str(app_config)
+    assert "jwt_secret='******'" in repr(app_config)
+    assert "jwt_secret='******'" in str(app_config)
+    assert "ssh_password='******'" in repr(app_config)
+    assert "ssh_password='******'" in str(app_config)
 
     # Check that no other attrs in AppConfig have 'key' or 'token' in their name
     # This will fail when new attrs are added, and attract attention
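Review bot: The guard described in the trailing comment looks only for 'key' or 'token' in attribute names, and the two attributes masked by this commit contain neither, so a future `*_secret` or `*_password` field would presumably pass it without being masked. The guard's code is outside the hunk, so this is inferred from the comment alone. If it matches, extend the checked substrings to include `'secret'` and `'password'` and update the comment to `# Check that no other attrs in AppConfig have 'key', 'token', 'secret' or 'password' in their name`.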

+ 1 - 0
tests/unit/test_logging.py

@@ -102,6 +102,7 @@ def test_sensitive_env_vars_masking(test_handler):
         'AWS_SECRET_ACCESS_KEY': 'AWS_SECRET_ACCESS_KEY_VALUE',
         'E2B_API_KEY': 'E2B_API_KEY_VALUE',
         'GITHUB_TOKEN': 'GITHUB_TOKEN_VALUE',
+        'JWT_SECRET': 'JWT_SECRET_VALUE',
     }
 
     log_message = ' '.join(
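Review bot: The environment-variable fixture gains `JWT_SECRET` but not `SSH_PASSWORD`, so the `ssh_password` pattern added to `SensitiveDataFilter` in this commit has no log-masking test. Adding `'SSH_PASSWORD': 'SSH_PASSWORD_VALUE',` to this dict would cover it, provided the assertions further down iterate over the dict. Those assertions are outside the hunk, as is the rest of the test function.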