Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Chore.bol load r7 #5237

Draft
wants to merge 29 commits into
base: master
Choose a base branch
from
Draft

Chore.bol load r7 #5237

wants to merge 29 commits into from

Conversation

lvrach
Copy link
Member

@lvrach lvrach commented Oct 25, 2024

Description

< Replace with adequate description for this PR as per Pull Request document >

Linear Ticket

< Replace with Linear Link ( create or search linear ticket) or >

Security

  • The code changed/added as part of this pull request won't create any security issues with how the software is being used.

dbURL := fmt.Sprintf("postgres://postgres:%s@localhost:%d/testdb?sslmode=disable", randomPassword, freePort)

// Print the database URL
fmt.Printf("Database URL: %s\n", dbURL)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to randomPassword
flows to a logging call.

Copilot Autofix AI 14 days ago

To fix the problem, we should avoid logging the sensitive information contained in randomPassword. Instead of printing the entire dbURL, we can print a sanitized version that omits the password. This way, we maintain the functionality of logging the database URL without exposing sensitive information.

Suggested changeset 1
jobsdb/cmd/bench/main.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/jobsdb/cmd/bench/main.go b/jobsdb/cmd/bench/main.go
--- a/jobsdb/cmd/bench/main.go
+++ b/jobsdb/cmd/bench/main.go
@@ -146,5 +146,6 @@
 	dbURL := fmt.Sprintf("postgres://postgres:%s@localhost:%d/testdb?sslmode=disable", randomPassword, freePort)
+	sanitizedDbURL := fmt.Sprintf("postgres://postgres:****@localhost:%d/testdb?sslmode=disable", freePort)
 
-	// Print the database URL
-	fmt.Printf("Database URL: %s\n", dbURL)
+	// Print the sanitized database URL
+	fmt.Printf("Database URL: %s\n", sanitizedDbURL)
 
EOF
@@ -146,5 +146,6 @@
dbURL := fmt.Sprintf("postgres://postgres:%s@localhost:%d/testdb?sslmode=disable", randomPassword, freePort)
sanitizedDbURL := fmt.Sprintf("postgres://postgres:****@localhost:%d/testdb?sslmode=disable", freePort)

// Print the database URL
fmt.Printf("Database URL: %s\n", dbURL)
// Print the sanitized database URL
fmt.Printf("Database URL: %s\n", sanitizedDbURL)

Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
fmt.Printf("\nFinal results:\n")
fmt.Printf("Processed %d events in %v\n", totalEvents, elapsed)
fmt.Printf("Average rate: %.2f events/second\n", float64(totalEvents)/elapsed.Seconds())
fmt.Printf("Database URL: %s\n", dbURL)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to randomPassword
flows to a logging call.
0.5, 1, 2.5, 5, 10, 30, 60, 120, 180, 300, 600, 1800, 3600, 7200, 10800, 21600, 32400, 86400, // 0.5s, 1s, 2.5s, 5s, 10s, 30s, 1m, 2m, 3m, 5m, 10m, 30m, 1h, 2h, 3h, 6h, 9h, 24h
},
"event_delivery_from_sent_time": {
0.5, 1, 2.5, 5, 10, 30, 60, 120, 180, 300, 600, 1800, 3600, 7200, 10800, 21600, 32400, 86400, // 0.5s, 1s, 2.5s, 5s, 10s, 30s, 1m, 2m, 3m, 5m, 10m, 30m, 1h, 2h, 3h, 6h, 9h, 24h
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need all these buckets? can we skip 2.5s, 2m, 3m, 2h as we might not need this much granular information.

"module": "router",
"destType": w.rt.destType,
"destID": destination.ID,
"destination": destinationTag,
Copy link
Contributor

@mihir20 mihir20 Oct 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can skip destination tag as it is combination of destinationID and destName. we already have destID

"destination": destinationTag,
"workspaceId": status.WorkspaceId,
"sourceId": destinationJobMetadata.SourceID,
"sourceCategory": destinationJobMetadata.SourceCategory,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need source category as well here we already have sourceID

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants