security: mask sensitive data in logging output to fix CodeQL alerts

- scripts/utils/generate-api-keys.py: mask API keys in output
- apps/coordinator-api/src/app/deps.py: mask API keys in debug logging
- dev/scripts/generate_production_keys.py: mask sensitive secrets in output
- scripts/security/security_audit.py: add sensitive data masking for issues/recommendations

Fixes 7 of the 25 CodeQL alerts related to clear-text logging of sensitive information.
aitbc
2026-04-23 17:24:56 +02:00
parent 91bba69653
commit dcaa9cbf3c
4 changed files with 26 additions and 9 deletions


@@ -641,12 +641,20 @@ def main():
if results['critical_issues']:
print(f"\n🚨 CRITICAL ISSUES:")
for issue in results['critical_issues'][:5]:
print(f" - {issue['type']}: {issue.get('message', 'N/A')}")
# Mask any sensitive data in messages
message = issue.get('message', 'N/A')
if any(keyword in message.lower() for keyword in ['key', 'password', 'secret', 'token']):
message = '[REDACTED - SENSITIVE DATA]'
print(f" - {issue['type']}: {message}")
if results['recommendations']:
print(f"\n💡 TOP RECOMMENDATIONS:")
for rec in results['recommendations'][:3]:
print(f" - [{rec['priority'].upper()}] {rec['action']}")
# Mask any sensitive data in recommendations
action = rec['action']
if any(keyword in action.lower() for keyword in ['key', 'password', 'secret', 'token']):
action = '[REDACTED - SENSITIVE DATA]'
print(f" - [{rec['priority'].upper()}] {action}")
print(f"\n📄 Full report: {report_file}")
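Review bot: The keyword test on the two `if any(keyword in ...lower() ...)` lines both over- and under-redacts: a message that merely mentions "key" or "token" (e.g. one saying an API key is missing) is replaced wholesale with the placeholder, while a message that carries an actual credential value without one of those four words is still printed in clear, so this is not a reliable guard at the print sink. The same unmasked `message`/`action` values are presumably also written into the report at `report_file` outside the hunk — confirm that path gets equivalent treatment, otherwise the console masking buys little. The keyword list is duplicated between the two loops; hoisting it into a module constant with a `_mask_sensitive(text)` helper keeps both branches in sync and gives one place to tighten the heuristic later. `main()` starts and ends outside the hunk.
```python
SENSITIVE_KEYWORDS = ('key', 'password', 'secret', 'token')


def _mask_sensitive(text):
    """Return a redaction placeholder when *text* mentions a credential keyword.

    Keyword matching is a coarse heuristic: it hides any message that names a
    credential, not only those that contain one, and misses values that
    arrive without such a word.
    """
    lowered = text.lower()
    if any(word in lowered for word in SENSITIVE_KEYWORDS):
        return '[REDACTED - SENSITIVE DATA]'
    return text

# … unchanged: rest of module up to the critical-issues loop in main() …
        for issue in results['critical_issues'][:5]:
            message = _mask_sensitive(issue.get('message', 'N/A'))
            print(f" - {issue['type']}: {message}")
# … unchanged: recommendations header …
        for rec in results['recommendations'][:3]:
            action = _mask_sensitive(rec['action'])
            print(f" - [{rec['priority'].upper()}] {action}")
```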


@@ -75,7 +75,7 @@ def main():
for i, key in enumerate(keys, 1):
print(f"{i}. {key['name']}")
print(f" API Key: {key['api_key']}")
print(f" API Key: {'*' * 32}") # Mask API key for security
print(f" Permissions: {', '.join(key['permissions'])}")
print(f" Environment: {key['environment']}")
print(f" Created: {key['created_at']}")
@@ -95,7 +95,7 @@ def main():
for key in keys:
if 'client' in key['permissions']:
print(f"# For {key['name']}:")
print(f"aitbc auth login {key['api_key']} --environment {key['environment']}")
print(f"aitbc auth login {'*' * 32} --environment {key['environment']}") # Mask API key
print()
print("# Test commands that require authentication:")
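Review bot: The masked line `print(f"aitbc auth login {'*' * 32} --environment {key['environment']}")` is no longer usable as the copy-paste login command this block exists to print, and 32 asterisks read like a redacted real value rather than a placeholder, so an operator has no way to recover the generated key from this output unless it is persisted elsewhere (not visible in the hunks — confirm). An explicit placeholder keeps the command shape without leaking key material: `print(f"aitbc auth login <{key['name']} API key> --environment {key['environment']}")`; the first hunk's `API Key:` line could likewise point at where the key is stored rather than printing a fixed mask. The `'*' * 32` literal appears in both hunks and belongs in one module constant (e.g. `MASKED_KEY = '*' * 32`) rather than two inline copies with trailing comments. `main()` starts and ends outside the hunks.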