fix: omit request body from PINECONE_DEBUG_CURL output (CodeQL)#688
Open
jhamon wants to merge 2 commits into
Open
fix: omit request body from PINECONE_DEBUG_CURL output (CodeQL)#688jhamon wants to merge 2 commits into
jhamon wants to merge 2 commits into
Conversation
Resolves CodeQL py/clear-text-logging-sensitive-data alert #83. _log_curl logs a curl-equivalent for debugging, but including the raw request body could expose vector data. Emit body size instead, which is enough for debugging while removing the taint source. Headers are already redacted via _redact_headers (Api-Key masked). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This PR changed _log_curl to emit '-d <N bytes>' instead of the raw body (CodeQL cleartext-logging remediation), which made the existing test_curl_logging_includes_body assertion stale — it still required the raw payload to appear in the log, so unit tests failed on py3.10–3.13. Rename to test_curl_logging_omits_body_content and assert the new contract: '-d ' is present, the size marker '<27 bytes>' is present, and the raw body is NOT logged. Verified: pytest tests/unit/test_debug_logging.py -> 10 passed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
PR Feedback Autofix pass The unit-test failure (py3.10–3.13) was self-inflicted: this PR changed Fixed in 22719d7: renamed the test to |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Resolves CodeQL
py/clear-text-logging-sensitive-dataalert #83 atpinecone/_internal/http_client.py:118.Problem
_log_curllogs a curl-equivalent command for debugging (only whenPINECONE_DEBUG_CURLis set). It included the raw request body viabody.decode(), which CodeQL flags as cleartext logging of sensitive data. The body contains request payloads (vectors, query parameters, etc.).Fix
Replace the raw body with
'<N bytes>'in the curl output. This:The API key is already redacted by
_redact_headers— this change covers the body.Verification
No behavior change to production code paths —
_log_curlonly executes whenPINECONE_DEBUG_CURLis set and logs atDEBUGlevel.Part of PIN-16 / PIN-27 (security tail), child of PIN-6.
🤖 Generated with Claude Code
Note
Low Risk
Change is limited to optional DEBUG curl logging behind an env var; no production request or API behavior changes.
Overview
When
PINECONE_DEBUG_CURLis enabled,_log_curlno longer writes the decoded request body into the debug curl line. It logs<N bytes>instead, so vector payloads and other request data are not written to logs while method, URL, and redacted headers stay useful for debugging.Unit coverage is updated so the curl output asserts on byte length and confirms the JSON body is not present.
Reviewed by Cursor Bugbot for commit 22719d7. Bugbot is set up for automated code reviews on this repo. Configure here.