fix: remove credential file log #5429
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR fixes a security vulnerability by preventing sensitive credential file paths from being exposed in log outputs. The change modifies the _safe_model_config() method in backend/onyx/llm/chat_llm.py to mask the credentials_file field when logging LLM model configurations.
The implementation follows the existing security pattern already established for the api_key field. When a credentials_file is present and non-empty in the model configuration, it gets masked using the mask_string() utility function before being logged. This prevents sensitive file paths (particularly those containing authentication credentials for services like Google Vertex AI) from appearing in debug logs or long-term logging outputs.
The _safe_model_config() method is used throughout the codebase for logging model configurations during various operations (lines 336, 341, 358, 374), making this security fix broadly applicable. The change is minimal, targeted, and maintains consistency with existing security practices in the codebase.
Confidence score: 5/5
- This PR is extremely safe to merge with virtually no risk of causing production issues
- Score reflects a simple, well-targeted security fix that follows existing patterns and addresses a clear vulnerability
- No files require special attention as this is a straightforward security enhancement
Context used:
Rule - Remove temporary debugging code before merging to production, especially tenant-specific debugging logs. (link)
1 file reviewed, no comments
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Description
[Provide a brief description of the changes in this PR]
How Has This Been Tested?
[Describe the tests you ran to verify your changes]
Backporting (check the box to trigger backport action)
Note: You have to check that the action passes, otherwise resolve the conflicts manually and tag the patches.
Summary by cubic
Stop logging the raw credentials_file in LLM model config logs. It’s now masked (like api_key) to avoid exposing sensitive paths.