-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitize "api_key" from verbose log #3558
Conversation
Thanks for your contribution! Depending on what you are working on, you may want to request a review from a Shopify team:
|
Coverage report
Show files with reduced coverage 🔻
Test suite run success1616 tests passing in 754 suites. Report generated by 🧪jest coverage report action from dfa068f |
We detected some changes at either packages/*/src or packages/cli-kit/assets/cli-ruby/** and there are no updates in the .changeset. |
@theodoretan I looked into analytics and it looks like the key is already santized to SHOPIFY_API_KEY there, so this should be good. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. You might want a 2nd review since I am new and don't know these codebases/systems well. But this seems clear and simple!
@@ -198,7 +198,7 @@ export async function publishMonorailEvent<TSchemaId extends keyof Schemas, TPay | |||
const response = await fetch(url, {method: 'POST', body, headers}) | |||
|
|||
if (response.status === 200) { | |||
outputDebug(outputContent`Analytics event sent: ${outputToken.json(payload)}`) | |||
outputDebug(outputContent`Analytics event sent: ${outputToken.json(sanitizePayload(payload))}`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this the only place where we were printing the api_key?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I believe it is
5556cc2
to
fd7f92a
Compare
WHY are these changes introduced?
Fixes #3518
The
api_key
is visible in the verbose log onshopify app config link
. While this isn't critical as this is on the developers machine, these logs are required when opening a bug ticket.WHAT is this pull request doing?
Replaces the
api_key
with****
for the logs output.How to test your changes?
Post-release steps
Measuring impact
How do we know this change was effective? Please choose one:
Checklist
dev
ordeploy
have been reflected in the internal flowchart.