fix(login): remove unconditional logging of OAuth2 access and refresh tokens#405
Open
Harishrs2006 wants to merge 1 commit into
… tokens OAuth2 access token and refresh token were unconditionally printed to stderr via log.Printf on every SSO login, regardless of the --verbose flag. Any CI/CD pipeline or log aggregation system capturing stderr would silently record long-lived credentials in plaintext. All other sensitive data in the codebase (request bodies, headers) is already gated behind config.Verbose / config.DumpRequestIfRequired. The 'Authentication successful' message printed immediately before is sufficient confirmation; the token values add no diagnostic value. Signed-off-by: Harish R S <harishrs21082006@gmail.com>
Summary
Removes two log.Printf calls in cmd/login.go that unconditionally printed the OAuth2 access token and refresh token to stderr on every SSO login — regardless of whether --verbose was set.
Problem
Any CI/CD pipeline or log aggregation system capturing stderr silently records long-lived credentials in plaintext. Refresh tokens are especially dangerous — they allow obtaining new access tokens without user interaction.
All other sensitive output in this codebase is gated behind config.Verbose / config.DumpRequestIfRequired. These two lines were the only exception — leftover debug statements.
Changes:
cmd/login.go: removed 2 lines — the unconditional token log statements
The fmt.Printf("Authentication successful\n") immediately above already confirms success without exposing any credential
Testing
go build ./... # clean
go test ./... # all pass
go vet ./... # clean
Manual: SSO login flow no longer prints token values to stderr. Behavior otherwise unchanged.
Fixes: #345
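The pattern the PR describes (a login path that logged token values on every run, versus one that only confirms success and gates any diagnostic detail behind a verbose flag) lends itself to a regression check that captures the logger's output and asserts the token strings never appear in it. The following is an added, self-contained Go example written for this page; it is not code from the project or from the PR author. The Config and TokenResponse types, the reportLoginBefore / reportLoginAfter functions and the token values are all constructed stand-ins chosen to mirror the description above, not the project's actual cmd/login.go.

```go
package main

import (
	"bytes"
	"fmt"
	"log"
	"strings"
)

// Config is a hypothetical stand-in for the project's config with a Verbose gate.
type Config struct {
	Verbose bool
}

// TokenResponse is a constructed stand-in for an OAuth2 token result.
type TokenResponse struct {
	AccessToken  string
	RefreshToken string
	ExpiresIn    int
}

// captureLog redirects the standard logger to a buffer while fn runs and
// returns everything that was written, restoring the previous writer afterwards.
func captureLog(fn func()) string {
	var buf bytes.Buffer
	prev := log.Writer()
	flags := log.Flags()
	log.SetOutput(&buf)
	log.SetFlags(0)
	defer func() {
		log.SetOutput(prev)
		log.SetFlags(flags)
	}()
	fn()
	return buf.String()
}

// reportLoginBefore reproduces the defect the PR describes: the token values
// are written to the log on every login, whatever Verbose is set to.
func reportLoginBefore(cfg Config, tok TokenResponse) {
	log.Printf("Authentication successful")
	log.Printf("access token: %s", tok.AccessToken)
	log.Printf("refresh token: %s", tok.RefreshToken)
}

// reportLoginAfter is the hardened form: success is confirmed, and even in
// verbose mode only non-secret metadata about the tokens is logged.
func reportLoginAfter(cfg Config, tok TokenResponse) {
	log.Printf("Authentication successful")
	if cfg.Verbose {
		log.Printf("access token received (len=%d, expires_in=%ds), refresh token present=%t",
			len(tok.AccessToken), tok.ExpiresIn, tok.RefreshToken != "")
	}
}

// LeaksSecret reports whether any non-empty secret appears verbatim in output.
func LeaksSecret(output string, secrets ...string) bool {
	for _, s := range secrets {
		if s != "" && strings.Contains(output, s) {
			return true
		}
	}
	return false
}

// CheckLeak runs report with Verbose off and on, and returns true if either
// run writes the access or refresh token to the log.
func CheckLeak(report func(Config, TokenResponse), tok TokenResponse) bool {
	for _, verbose := range []bool{false, true} {
		out := captureLog(func() { report(Config{Verbose: verbose}, tok) })
		if LeaksSecret(out, tok.AccessToken, tok.RefreshToken) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample tokens; real values would come from the SSO token endpoint.
	tok := TokenResponse{
		AccessToken:  "CONSTRUCTED-ACCESS-TOKEN",
		RefreshToken: "CONSTRUCTED-REFRESH-TOKEN",
		ExpiresIn:    3600,
	}
	fmt.Printf("before fix leaks tokens: %t\n", CheckLeak(reportLoginBefore, tok))
	fmt.Printf("after fix leaks tokens:  %t\n", CheckLeak(reportLoginAfter, tok))
}
```

Running CheckLeak against both variants turns the PR's claim ("no longer prints token values to stderr") into something a test suite can enforce on every build, so a future debug statement cannot quietly reintroduce the leak. The verbose branch in reportLoginAfter shows the shape of diagnostic output that is still useful (token length, expiry, whether a refresh token was issued) without ever containing the credential itself.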