Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(masking): mask email while logging SQL query #4436

Merged
merged 4 commits into from Apr 23, 2024
Merged

fix(masking): mask email while logging SQL query #4436

merged 4 commits into from Apr 23, 2024

Conversation

dracarys18
Copy link
Member

@dracarys18 dracarys18 commented Apr 23, 2024
edited

Type of Change

  • Bugfix

Description

Pass the masked email in the SQL query function.

Motivation and Context

This fixes plaintext logging of email during find and update users by email. In this change instead of passing the plain-text email into the function, changed it to masked email which will mask the email while logging.

How did you test it?

  • Signup a new user
curl --location 'http://localhost:8080/user/signup' \
--header 'Content-Type: application/json' \
--data-raw '{
    "email": "mani@test.in",
    "password": "password"
}'
  • Signin the user
curl --location 'http://localhost:8080/user/v2/signin' \
--header 'Content-Type: application/json' \
--header 'Cookie: login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiOTg4N2YzNzQtNDYyZC00MDU1LWE4NGEtZDY5MzU3NTNmZjY2IiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzEzODYyNzU2Iiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTcxNDAzNTU4MCwib3JnX2lkIjoib3JnX3hjVDhqaUdZWTAza2pqUFlHakt4In0._xY56Sv8A3doS6NY00eSqRJxoQA3i-koNkcvtbdv4fI' \
--data-raw '{
    "email": "mani@test.in",
    "password": "password"
}'
  • Search the logs if plain text email is logged or not. In grafana, data source as loki
{app="bach"} |~ `^[\w\-\.]+@([\w-]+\.)+[\w-]{2,}$`

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code

@dracarys18 dracarys18 added A-core Area: Core flows S-waiting-on-review Status: This PR has been implemented and needs to be reviewed labels Apr 23, 2024
@dracarys18 dracarys18 added this to the April 2024 milestone Apr 23, 2024
@dracarys18 dracarys18 self-assigned this Apr 23, 2024
@dracarys18 dracarys18 requested review from a team as code owners April 23, 2024 08:41
@dracarys18 dracarys18 changed the title fix(masking): mask email during query fix(masking): mask email while logging SQL query Apr 23, 2024
lsampras
lsampras previously approved these changes Apr 23, 2024
View reviewed changes
@dracarys18 dracarys18 linked an issue Apr 23, 2024 that may be closed by this pull request
[BUG] Mask Email while logging SQL query #4439
Open
ThisIsMani
ThisIsMani previously approved these changes Apr 23, 2024
View reviewed changes
racnan
racnan reviewed Apr 23, 2024
View reviewed changes
crates/router/src/core/user.rs Outdated Show resolved Hide resolved
crates/router/src/core/user.rs Outdated Show resolved Hide resolved
crates/router/src/core/user.rs Outdated Show resolved Hide resolved
crates/router/src/core/user.rs Outdated Show resolved Hide resolved
@dracarys18 dracarys18 dismissed stale reviews from ThisIsMani and lsampras via 03769d4 April 23, 2024 10:12
@Gnanasundari24 Gnanasundari24 added this pull request to the merge queue Apr 23, 2024
Merged via the queue into main with commit 4c81a66 Apr 23, 2024
19 of 21 checks passed
@Gnanasundari24 Gnanasundari24 deleted the mask_email branch April 23, 2024 11:51
akshay-97 pushed a commit that referenced this pull request Apr 24, 2024
@dracarys18
fix(masking): mask email while logging SQL query (#4436)
7c915b3
@dracarys18 dracarys18 mentioned this pull request Apr 24, 2024
Merged
15 tasks
@SanchithHegde SanchithHegde removed the S-waiting-on-review Status: This PR has been implemented and needs to be reviewed label Apr 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@racnan racnan racnan approved these changes

@ThisIsMani ThisIsMani ThisIsMani approved these changes

@lsampras lsampras Awaiting requested review from lsampras

Assignees

@dracarys18 dracarys18

Labels
A-core Area: Core flows
Projects
None yet
Milestone
April 2024 Release
Development

Successfully merging this pull request may close these issues.

[BUG] Mask Email while logging SQL query
6 participants
@dracarys18 @lsampras @racnan @ThisIsMani @SanchithHegde @Gnanasundari24