1 change: 1 addition & 0 deletions utils/fetch.ts
Expand Up @@ -47,6 +47,7 @@ export const fetchSafe = async (
if (isManual && isRedirect) {
return response;
}
console.error(input)
Contributor
⚠️ Potential issue | 🟠 Major

Logging raw URLs can expose PII and secrets.

The input parameter may contain sensitive data such as user identifiers (emails, user IDs) in the URL path or query parameters, as well as secrets (API keys, tokens, passwords) that should never be logged. This creates privacy violations (GDPR/CCPA) and security risks.

Consider one of these approaches:

Option 1: Add URL sanitization before logging

-  console.error(input)
+  const sanitizedUrl = typeof input === 'string' 
+    ? new URL(input).origin + new URL(input).pathname 
+    : input instanceof URL 
+    ? input.origin + input.pathname 
+    : input.url;
+  console.error('HTTP error for:', sanitizedUrl, 'Status:', response.status);

Option 2: Use structured logging with status code (no URL)

-  console.error(input)
+  console.error('HTTP request failed', { status: response.status, type: typeof input });

Also note: Missing semicolon at the end of line 50.

🤖 Prompt for AI Agents
In utils/fetch.ts around line 50, the code currently logs the raw `input` URL
which can expose PII or secrets and also is missing a semicolon; replace the raw
console.error(input) with a safe logging approach: either sanitize the URL
(strip query params and sensitive path segments like tokens/keys) before logging
or log only structured metadata (method, status code, hostname) without the full
URL, and ensure the statement ends with a semicolon; implement one sanitization
utility or structured log call and remove any direct printing of the full
`input`.
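The sanitization sketched in Option 1 and the agent prompt above, carried through as an added example (not code from this PR or repository). It assumes `fetchSafe` receives the usual `fetch` input shape, a string, a `URL` or a Request-like object with a `.url` property, and the token and e-mail heuristics are this example's own assumptions. It also handles the case that `new URL(input)` alone does not: a relative string like `/v1/items`, which would throw inside the error path and mask the real `HttpError`.

```typescript
// Added example, not part of the PR. Input shape assumed to match fetchSafe's
// `input`: string | URL | Request-like object carrying a `.url` (assumption).
type FetchInput = string | URL | { url: string };

// Heuristics (assumptions for this example): a path segment that is a long
// opaque token (32+ URL-safe chars), JWT-shaped, or an e-mail address is redacted.
const OPAQUE_SEGMENT = /^(?:[A-Za-z0-9_-]{32,}|ey[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/;
const EMAIL_SEGMENT = /^[^@/]+@[^@/]+\.[^@/]+$/;

// Placeholder base so relative inputs parse; new URL('/v1/items') with no base
// throws, which inside a catch/error path would hide the HttpError being raised.
const RELATIVE_BASE = 'http://relative.invalid';

// Returns a logging-safe rendering of the input: origin + pathname only,
// with userinfo, query string and fragment dropped and sensitive segments masked.
export function redactFetchInput(input: FetchInput): string {
  const raw = typeof input === 'string' ? input : input instanceof URL ? input.href : input.url;
  let url: URL;
  try {
    url = new URL(raw, RELATIVE_BASE);
  } catch {
    return '<unparseable url>';
  }
  // Credentials and query/fragment are where tokens and API keys usually travel.
  url.username = '';
  url.password = '';
  url.search = '';
  url.hash = '';
  const path = url.pathname
    .split('/')
    .map((seg) => (OPAQUE_SEGMENT.test(seg) || EMAIL_SEGMENT.test(seg) ? '<redacted>' : seg))
    .join('/');
  // Relative inputs stay relative in the log instead of showing the placeholder host.
  const origin = url.origin === new URL(RELATIVE_BASE).origin ? '' : url.origin;
  return origin + path;
}

// Structured record for the error log: status code plus the redacted URL,
// never the raw `input` (the shape Option 2 above asks for, with a safe URL added).
export function httpErrorLogRecord(input: FetchInput, status: number) {
  return { msg: 'HTTP request failed', url: redactFetchInput(input), status };
}
```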

throw new HttpError(response.status, `${await response.text()}`);
};
export const fetchAPI = async <T>(
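Review bot: the added `console.error(input)` writes the caller's raw input to stderr on every non-redirect error response, and because `input` may be a string, a `URL` or a `Request`, any query string, fragment or userinfo credentials in it are logged verbatim (a `Request` is dumped as a whole object rather than its URL). Prefer logging a redacted form (origin plus pathname) together with `response.status`, or carry the URL into the `HttpError` thrown on the next line instead of printing it; if a sanitizer is added here, note that `new URL(input)` without a base throws on a relative string, so it must not be allowed to fail and mask the `HttpError`. The new line is also missing the semicolon the surrounding statements use.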