From bfcff458f2f61712d70eda58f5ec5c3310cc27af Mon Sep 17 00:00:00 2001 From: Kirill Gontar Date: Sun, 12 Oct 2025 17:42:38 +0200 Subject: [PATCH 1/6] Avoid log spam --- openframe/openframe_token_refresher.cpp | 2 +- osquery/remote/transports/tls.cpp | 6 +++--- osquery/remote/utility.h | 2 +- plugins/remote/enroll/tls_enroll.cpp | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/openframe/openframe_token_refresher.cpp b/openframe/openframe_token_refresher.cpp index 8adb9265c8c..9a033ccb30f 100644 --- a/openframe/openframe_token_refresher.cpp +++ b/openframe/openframe_token_refresher.cpp @@ -64,7 +64,7 @@ void OpenframeTokenRefresher::process() { auth_manager.updateToken(new_token); LOG(INFO) << "Token successfully updated"; } else { - LOG(INFO) << "Token is up to date, no update needed"; + VLOG(1) << "Token is up to date, no update needed"; } } catch (const std::exception& e) { LOG(ERROR) << "Error during token refresh: " << e.what(); diff --git a/osquery/remote/transports/tls.cpp b/osquery/remote/transports/tls.cpp index aabb935fe16..279665ad308 100644 --- a/osquery/remote/transports/tls.cpp +++ b/osquery/remote/transports/tls.cpp @@ -98,12 +98,12 @@ void TLSTransport::decorateRequest(http::Request& r) { r << http::Request::Header("User-Agent", kTLSUserAgentBase + kVersion); if (FLAGS_openframe_mode) { - LOG(INFO) << "Adding Authorization header with Bearer token for openframe mode"; + VLOG(1) << "Adding Authorization header with Bearer token for openframe mode"; auto& auth_manager = OpenframeAuthorizationManagerProvider::getInstance(); std::string token = auth_manager.getToken(); if (!token.empty()) { r << http::Request::Header("Authorization", "Bearer " + token); - LOG(INFO) << "Token added to request"; + VLOG(1) << "Token added to request"; } else { LOG(ERROR) << "No token found in memory"; } @@ -116,7 +116,7 @@ http::Client::Options TLSTransport::getOptions() { options.follow_redirects(true).timeout(16); if (FLAGS_openframe_mode) { - LOG(INFO) << "Disable SSL verification for openframe mode"; + VLOG(1) << "Disable SSL verification for openframe mode"; options.always_verify_peer(false); return options; } diff --git a/osquery/remote/utility.h b/osquery/remote/utility.h index 1b5a89cbc86..89aa2a8fecd 100644 --- a/osquery/remote/utility.h +++ b/osquery/remote/utility.h @@ -58,7 +58,7 @@ class TLSRequestHelper : private boost::noncopyable { // Add the prefix "/tools/agent/fleetmdm-server" to all requests only if openframe mode is enabled if (FLAGS_openframe_mode) { - LOG(INFO) << "Adding /tools/agent/fleetmdm-server to URI for openframe mode"; + VLOG(1) << "Adding /tools/agent/fleetmdm-server to URI for openframe mode"; uri += "/tools/agent/fleetmdm-server"; } diff --git a/plugins/remote/enroll/tls_enroll.cpp b/plugins/remote/enroll/tls_enroll.cpp index ea798535e76..9d4cf19faa8 100644 --- a/plugins/remote/enroll/tls_enroll.cpp +++ b/plugins/remote/enroll/tls_enroll.cpp @@ -76,7 +76,7 @@ std::string TLSEnrollPlugin::enroll() { // Add the prefix "/tools/agent/fleetmdm-server" to all requests only if openframe mode is enabled if (FLAGS_openframe_mode) { - LOG(INFO) << "Adding /tools/agent/fleetmdm-server to URI for openframe mode"; + VLOG(1) << "Adding /tools/agent/fleetmdm-server to URI for openframe mode"; uri += "/tools/agent/fleetmdm-server"; } From e3f9c3173497004ad263b4631f192d54c3909a45 Mon Sep 17 00:00:00 2001 From: Kirill Gontar Date: Sun, 12 Oct 2025 18:00:01 +0200 Subject: [PATCH 2/6] Tmp build update --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 80ab4893a8c..8257bb23092 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,7 +10,7 @@ permissions: on: push: - branches: [master] + branches: [master,feature/sanitize-logs] paths-ignore: - "**/*.md" - '.github/**' From 5a4d2abf39d2f7ca076aa1fb472e55ef863a7ae2 Mon Sep 17 00:00:00 2001 From: Kirill Gontar Date: Sun, 12 Oct 2025 18:00:22 +0200 Subject: [PATCH 3/6] Trigger build --- osquery/main/main.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/osquery/main/main.cpp b/osquery/main/main.cpp index 37200c53354..9bb61623f68 100644 --- a/osquery/main/main.cpp +++ b/osquery/main/main.cpp @@ -39,7 +39,7 @@ namespace osquery { SHELL_FLAG(int32, profile, 0, - "Enable profile mode when non-0, set number of iterations"); + "Enable profile mode when non-0, set number of iterationss"); HIDDEN_FLAG(int32, profile_delay, From d98851d4a27a8dc2b039ebeb438fc9b40d197e18 Mon Sep 17 00:00:00 2001 From: Kirill Gontar Date: Thu, 5 Mar 2026 22:02:39 +0100 Subject: [PATCH 4/6] Done --- openframe/openframe_token_refresher.cpp | 7 +------ osquery/core/init.cpp | 8 ++------ osquery/remote/transports/tls.cpp | 3 --- osquery/remote/utility.h | 1 - plugins/remote/enroll/tls_enroll.cpp | 1 - 5 files changed, 3 insertions(+), 17 deletions(-) diff --git a/openframe/openframe_token_refresher.cpp b/openframe/openframe_token_refresher.cpp index 9a033ccb30f..6e3cf8def86 100644 --- a/openframe/openframe_token_refresher.cpp +++ b/openframe/openframe_token_refresher.cpp @@ -47,8 +47,6 @@ void OpenframeTokenRefresher::stop() { } void OpenframeTokenRefresher::process() { - LOG(INFO) << "Starting token refresh process..."; - try { auto new_token = extractor_->extractToken(); if (new_token.empty()) { @@ -60,11 +58,8 @@ void OpenframeTokenRefresher::process() { auto current_token = auth_manager.getToken(); if (new_token != current_token) { - LOG(INFO) << "Token has changed, updating authorization manager"; auth_manager.updateToken(new_token); - LOG(INFO) << "Token successfully updated"; - } else { - VLOG(1) << "Token is up to date, no update needed"; + LOG(INFO) << "Openframe token refreshed"; } } catch (const std::exception& e) { LOG(ERROR) << "Error during token refresh: " << e.what(); diff --git a/osquery/core/init.cpp b/osquery/core/init.cpp index 319f23af340..cf23330851a 100644 --- a/osquery/core/init.cpp +++ b/osquery/core/init.cpp @@ -218,18 +218,15 @@ void initOpenFrame() { } try { - // Create encryption service + // Create openframe token services auto encryption_service = std::make_shared(FLAGS_openframe_secret); - - // Create token extractor with encryption service auto token_extractor = std::make_shared(encryption_service, FLAGS_openframe_token_path); - // Get initial token and set it in authorization manager auto initial_token = token_extractor->extractToken(); if (!initial_token.empty()) { auto& auth_manager = OpenframeAuthorizationManagerProvider::getInstance(); auth_manager.updateToken(initial_token); - VLOG(1) << "Initial OpenFrame token set from token file"; + LOG(INFO) << "OpenFrame token extracted successfully"; } else { LOG(ERROR) << "Failed to get initial token from token file"; } @@ -237,7 +234,6 @@ void initOpenFrame() { // Create and start token refresher static auto token_refresher = std::make_shared(token_extractor); token_refresher->start(); - VLOG(1) << "OpenFrame token refresher started"; } catch (const std::exception& e) { LOG(ERROR) << "Failed to initialize OpenFrame components: " << e.what(); } diff --git a/osquery/remote/transports/tls.cpp b/osquery/remote/transports/tls.cpp index 279665ad308..fa0e3a9e027 100644 --- a/osquery/remote/transports/tls.cpp +++ b/osquery/remote/transports/tls.cpp @@ -98,12 +98,10 @@ void TLSTransport::decorateRequest(http::Request& r) { r << http::Request::Header("User-Agent", kTLSUserAgentBase + kVersion); if (FLAGS_openframe_mode) { - VLOG(1) << "Adding Authorization header with Bearer token for openframe mode"; auto& auth_manager = OpenframeAuthorizationManagerProvider::getInstance(); std::string token = auth_manager.getToken(); if (!token.empty()) { r << http::Request::Header("Authorization", "Bearer " + token); - VLOG(1) << "Token added to request"; } else { LOG(ERROR) << "No token found in memory"; } @@ -116,7 +114,6 @@ http::Client::Options TLSTransport::getOptions() { options.follow_redirects(true).timeout(16); if (FLAGS_openframe_mode) { - VLOG(1) << "Disable SSL verification for openframe mode"; options.always_verify_peer(false); return options; } diff --git a/osquery/remote/utility.h b/osquery/remote/utility.h index 89aa2a8fecd..225f2da76bb 100644 --- a/osquery/remote/utility.h +++ b/osquery/remote/utility.h @@ -58,7 +58,6 @@ class TLSRequestHelper : private boost::noncopyable { // Add the prefix "/tools/agent/fleetmdm-server" to all requests only if openframe mode is enabled if (FLAGS_openframe_mode) { - VLOG(1) << "Adding /tools/agent/fleetmdm-server to URI for openframe mode"; uri += "/tools/agent/fleetmdm-server"; } diff --git a/plugins/remote/enroll/tls_enroll.cpp b/plugins/remote/enroll/tls_enroll.cpp index 9d4cf19faa8..57c4f3e888a 100644 --- a/plugins/remote/enroll/tls_enroll.cpp +++ b/plugins/remote/enroll/tls_enroll.cpp @@ -76,7 +76,6 @@ std::string TLSEnrollPlugin::enroll() { // Add the prefix "/tools/agent/fleetmdm-server" to all requests only if openframe mode is enabled if (FLAGS_openframe_mode) { - VLOG(1) << "Adding /tools/agent/fleetmdm-server to URI for openframe mode"; uri += "/tools/agent/fleetmdm-server"; } From c549cfbccb408595576c67d698faeb0cf1caf8ce Mon Sep 17 00:00:00 2001 From: Kirill Gontar Date: Thu, 5 Mar 2026 22:04:11 +0100 Subject: [PATCH 5/6] Done --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8257bb23092..80ab4893a8c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,7 +10,7 @@ permissions: on: push: - branches: [master,feature/sanitize-logs] + branches: [master] paths-ignore: - "**/*.md" - '.github/**' From 7f03b7db2da08ae80aa29cf8f97831ccfcac5035 Mon Sep 17 00:00:00 2001 From: Kirill Gontar Date: Thu, 5 Mar 2026 22:05:58 +0100 Subject: [PATCH 6/6] Done --- osquery/main/main.cpp | 2 +- osquery/remote/transports/tls.cpp | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/osquery/main/main.cpp b/osquery/main/main.cpp index 9bb61623f68..37200c53354 100644 --- a/osquery/main/main.cpp +++ b/osquery/main/main.cpp @@ -39,7 +39,7 @@ namespace osquery { SHELL_FLAG(int32, profile, 0, - "Enable profile mode when non-0, set number of iterationss"); + "Enable profile mode when non-0, set number of iterations"); HIDDEN_FLAG(int32, profile_delay, diff --git a/osquery/remote/transports/tls.cpp b/osquery/remote/transports/tls.cpp index fa0e3a9e027..e10ee3ac9ac 100644 --- a/osquery/remote/transports/tls.cpp +++ b/osquery/remote/transports/tls.cpp @@ -102,8 +102,6 @@ void TLSTransport::decorateRequest(http::Request& r) { std::string token = auth_manager.getToken(); if (!token.empty()) { r << http::Request::Header("Authorization", "Bearer " + token); - } else { - LOG(ERROR) << "No token found in memory"; } } }