Fix: Prevent log injection and sensitive URL leakage in backend logging#272
Fix: Prevent log injection and sensitive URL leakage in backend logging#272Madhavi1108 wants to merge 1 commit into
Conversation
|
🎉 Thank you @Madhavi1108 for submitting a Pull Request! We're excited to review your contribution. Before Review✅ Ensure all CI checks pass ⚡ Want faster reviews and contributor support? Join our Discord community: 🔗 https://discord.gg/FcXuyw2Rs Maintainers and mentors are active there and can help resolve blockers quickly. Happy Contributing! 🚀 |
|
Correct PR TemplatePlease copy and paste the raw template below into your PR description and fill it out: > **Before opening:** make sure there is an issue tracking this work, and link it below. PRs without a linked issue may be closed without review.
## Linked issue
Closes #
## What this PR does
## Type of change
- [ ] Bug fix
- [ ] New feature
- [ ] ML model / training pipeline
- [ ] Refactor (no behaviour change)
- [ ] Documentation
- [ ] Tests only
## ML tier (if applicable)
- [ ] Tier 1 — Triage
- [ ] Tier 2 — Predictive
- [ ] Tier 3 — Autonomous
- [ ] Not ML-related
## Stack affected
- [ ] Backend
- [ ] Frontend
- [ ] Both
---
## Changes
### Backend
-
### Frontend
-
### New dependencies
-
### Database / schema changes
-
---
## Testing
**How did you test this?**
**Checklist**
- [ ] Tested locally end-to-end (upload ZIP or GitHub URL → scan → findings returned correctly)
- [ ] New ML model falls back gracefully when model file is absent
- [ ] No new `console.error` or unhandled Python exceptions introduced
- [ ] Added or updated tests where applicable
- [ ] `requirements.txt` / `package.json` updated if new dependencies added
- [ ] New model files (`.pkl`, `.pt`, etc.) are gitignored, not committed
---
## Anything reviewers should focus on
## Screenshots (if UI changed)
|
|
Hi @ionfwsrijan , |
|
CI issue @Madhavi1108 |
Linked issue
Closes #270
What this PR does
This PR strengthens backend logging security by preventing sensitive URL information from being written to logs, mitigating potential log injection vulnerabilities, validating Git branch references, and replacing eager string interpolation with Python's recommended lazy logging practices.
Type of change
ML tier (if applicable)
Stack affected
Changes
Backend
sanitize_url_for_log()to remove query parameters, fragments, and embedded credentials before logging URLs.download_to_path()to use structured, lazy logging withextra={...}instead of eager f-string interpolation.github_zip_url()using a regular expression.ollama_health()logging to use lazy%sformatting instead of f-strings.Frontend
New dependencies
Database / schema changes
Testing
How did you test this?
backend/app/main.pycompiles successfully without syntax errors.Checklist
console.erroror unhandled Python exceptions introducedrequirements.txt/package.jsonupdated if new dependencies added.pkl,.pt, etc.) are gitignored, not committed (no model files added)Anything reviewers should focus on
Please review:
download_to_path()and its compatibility with the existing logging configuration.Screenshots (if UI changed)
Not applicable — backend-only security fix.