Skip to content

Commit bacee0d

Browse files
wenxi-onyxwenxi-onyx
authored
fix: sanitize slack payload before logging (#5167)
* sanitize slack payload before logging * nit
1 parent 297720c commit bacee0d

File tree

1 file changed

+23
-3
lines changed

1 file changed

+23
-3
lines changed

backend/onyx/onyxbot/slack/listener.py

Lines changed: 23 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -130,6 +130,10 @@
130130
# This is always (currently) the user id of Slack's official slackbot
131131
_OFFICIAL_SLACKBOT_USER_ID = "USLACKBOT"
132132

133+
# Fields to exclude from Slack payload logging
134+
# Intention is to not log slack message content
135+
_EXCLUDED_SLACK_PAYLOAD_FIELDS = {"text", "blocks"}
136+
133137

134138
class SlackbotHandler:
135139
def __init__(self) -> None:
@@ -570,6 +574,20 @@ def shutdown(self, signum: int | None, frame: FrameType | None) -> None:
570574
sys.exit(0)
571575

572576

577+
def sanitize_slack_payload(payload: dict) -> dict:
578+
"""Remove message content from Slack payload for logging"""
579+
sanitized = {
580+
k: v for k, v in payload.items() if k not in _EXCLUDED_SLACK_PAYLOAD_FIELDS
581+
}
582+
if "event" in sanitized and isinstance(sanitized["event"], dict):
583+
sanitized["event"] = {
584+
k: v
585+
for k, v in sanitized["event"].items()
586+
if k not in _EXCLUDED_SLACK_PAYLOAD_FIELDS
587+
}
588+
return sanitized
589+
590+
573591
def prefilter_requests(req: SocketModeRequest, client: TenantSocketModeClient) -> bool:
574592
"""True to keep going, False to ignore this Slack request"""
575593

@@ -762,7 +780,10 @@ def prefilter_requests(req: SocketModeRequest, client: TenantSocketModeClient) -
762780
if not check_message_limit():
763781
return False
764782

765-
logger.debug(f"Handling Slack request: {client.bot_name=} '{req.payload=}'")
783+
# Don't log Slack message content
784+
logger.debug(
785+
f"Handling Slack request: {client.bot_name=} '{sanitize_slack_payload(req.payload)=}'"
786+
)
766787
return True
767788

768789

@@ -929,10 +950,9 @@ def process_message(
929950
if req.type == "events_api":
930951
event = cast(dict[str, Any], req.payload["event"])
931952
event_type = event.get("type")
932-
msg = cast(str, event.get("text", ""))
933953
logger.info(
934954
f"process_message start: {tenant_id=} {req.type=} {req.envelope_id=} "
935-
f"{event_type=} {msg=}"
955+
f"{event_type=}"
936956
)
937957
else:
938958
logger.info(

0 commit comments

Comments
 (0)