search

smithy-lang / smithy-kotlin

Smithy code generator for Kotlin (in development)
Apache License 2.0
76 stars 26 forks source link

fix!: gate logging intermediate signing results which may contain sensitive information #984

Closed aajtodd closed 9 months ago

aajtodd commented 9 months ago

Issue \

n/a

Description of changes

We gate logging HTTP requests and responses because headers and query parameters (and the body) could have sensitive information bound to them from the model. We currently log canonical request during signing which may contain many of the same details (headers, query params, etc). This PR adds LogMode.LogSigning which gates logging these details unless explicitly opted into.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

sonarcloud[bot] commented 9 months ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication