Filter out message param from logs.

What does this MR do and why?

Filter out the message param so it does not end up in the logs, as it might contain sensitive information. See issue: https://gitlab.com/gitlab-org/gitlab/-/issues/547406

How to set up and validate locally

  1. Start with the default branch and ensure Duo works for your GDK. Execute the following cURL:
     curl -H "Private-Token: glpat-<redacted>" \
          -H "Content-Type: application/json" \
          -XPOST 'http://127.0.0.1:3000/api/v4/ai/duo_workflows/workflows/1/events' \
          -d '{
            "message": "hello_world",
            "event_type": "message"
            }'
  2. Then check the logs:
     tail log/api_json.log | grep message
     You should see something like this:
     "params":[{"key":"message","value":"hello_world"}
  3. Now check out this branch and run the same cURL again, followed by:
     tail log/api_json.log | grep message
     You should see something like this:
     "params":[{"key":"message","value":"[FILTERED]"}
  4. Notice the value is now filtered out.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #547406
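
A stricter form of the log check in the validation steps, as an added example that is not part of this MR or GitLab's code: it parses each log line as JSON instead of grepping, so the event_type value "message" is not counted as a hit. It assumes one JSON object per line with params logged as key/value pairs as in the output above; the sample lines, the nested payload param and the function names are constructed for illustration.

```ruby
require 'json'
FILTERED = '[FILTERED]'

# Constructed sample lines in the shape shown above (real entries carry more fields).
SAMPLE_LINES = [
  '{"params":[{"key":"message","value":"hello_world"},{"key":"event_type","value":"message"}]}',
  '{"params":[{"key":"message","value":"[FILTERED]"},{"key":"event_type","value":"message"}]}',
  '{"params":[{"key":"payload","value":{"message":"nested secret"}}]}', # hypothetical nested param
  'not json at all'
].freeze

# Collect every value logged under `key` that is not the filter placeholder.
# Handles the {"key"=>..., "value"=>...} pair shape as well as plain nested hashes.
def unfiltered_values(node, key, found = [])
  case node
  when Array
    node.each { |child| unfiltered_values(child, key, found) }
  when Hash
    entries = node.key?('key') && node.key?('value') ? [[node['key'], node['value']]] : node.to_a
    entries.each do |name, value|
      if name == key
        found << value unless value == FILTERED
      else
        unfiltered_values(value, key, found)
      end
    end
  end
  found
end

# Reports line numbers and value lengths only, so the audit never re-prints the secret.
def audit(lines, key)
  report = { leaks: [], skipped: 0 }
  lines.each_with_index do |line, index|
    begin
      entry = JSON.parse(line)
    rescue JSON::ParserError
      report[:skipped] += 1
      next
    end
    next unless entry.is_a?(Hash)
    unfiltered_values(entry['params'], key).each { |v| report[:leaks] << [index + 1, v.to_s.length] }
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  lines = ARGV.empty? ? SAMPLE_LINES : File.readlines(ARGV[0], chomp: true)
  p audit(lines, 'message')
end
```

Run it with a log path as the only argument to audit a real file; with no argument it audits the constructed sample lines.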
