From 78c202ef8824607e27de1dcc5076c82a02ef86cd Mon Sep 17 00:00:00 2001
From: Arda TANRIKULU
Date: Mon, 20 Jan 2025 20:24:53 -0500
Subject: [PATCH] Fix for code scanning alert no. 27: Clear-text logging of sensitive information (#8301)

* Potential fix for code scanning alert no. 27: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Changeset

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .changeset/tiny-fans-drive.md | 8 ++++++++
 packages/string-interpolation/src/interpolator.js | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/tiny-fans-drive.md

diff --git a/.changeset/tiny-fans-drive.md b/.changeset/tiny-fans-drive.md
new file mode 100644
index 0000000000000..afd558e09becf
--- /dev/null
+++ b/.changeset/tiny-fans-drive.md
@@ -0,0 +1,8 @@
+---
+'@graphql-mesh/string-interpolation': patch
+---
+
+Avoid logging sensitive data directly. Instead, log a generic error message without including the potentially sensitive str variable. This way, it still notifies of errors without risking the exposure of sensitive information.
+
+- Replace the logging statement on line 176 in `packages/string-interpolation/src/interpolator.js` to avoid logging the `str` variable.
+- Ensure that the new logging statement provides enough information to debug the issue without exposing sensitive data.
diff --git a/packages/string-interpolation/src/interpolator.js b/packages/string-interpolation/src/interpolator.js
index 7af792935bc2a..2549dd12f30eb 100644
--- a/packages/string-interpolation/src/interpolator.js
+++ b/packages/string-interpolation/src/interpolator.js
@@ -173,7 +173,7 @@ export class Interpolator {
 str,
 );
 } catch (e) {
- console.error(`An error occurred while applying modifiers to ${str}`, modifiers, e);
+ console.error(`An error occurred while applying modifiers`, e);
 return str;
 }
 }
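Review bot: The new `console.error` call still prints `e` in full, so if a modifier throws an error whose message or stack embeds the value it was given, the same data can still reach the log. The hunk does not show what the modifiers throw, so this needs checking against their implementations. The message also no longer says which modifier failed, which the changeset's second bullet asks for; if the modifier entries expose a name, logging only those names (never their arguments or `str`) would restore that context. A comment above the call such as `// str and modifier arguments may hold interpolated secrets; never log them` would keep a later edit from reintroducing the leak. The enclosing method and its `try` begin outside this hunk.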