fix: remove credential-leaking debug logs in logger plugins#13502
Open
AlinsRan wants to merge 6 commits into
… syslog
The elasticsearch-logger plugin logged the full bulk request body and the syslog plugin logged the full RFC5424 payload (plus every buffered entry) at info/debug level. These messages contain the serialized request and response data (headers, bodies) and can leak credentials into the error log. Follow-up to apache#13205, which removed the same pattern from sls-logger, tcp-logger and udp-logger but did not cover these two plugins.
Signed-off-by: AlinsRan <alinsran@apache.org>
…-logger
Both plugins logged the full serialized batch payload via
core.log.info("send data to kafka/rocketmq: ", data) right before sending
it. That payload is the serialized log entries, which by default include
request and response headers and bodies, so it can leak credentials into
the error log when the log level is set to info.
Remove the production log statements. The tests relied on this line to
observe what was queued for delivery, so the same observability is
reproduced with a test-only hook that logs each batch entry from
batch-processor-manager.
Signed-off-by: AlinsRan <alinsran@apache.org>
syslog.t TEST 20/21 asserted the request/response body that appeared in
the removed core.log.info("collect_data:"..rfc5424_data) line. Log each
batch entry (the rfc5424 payload) from a test-only batch-processor hook so
those assertions keep working; production code no longer logs the payload.
…-only http hook
elasticsearch-logger.t (TEST 14/19/20) and elasticsearch-logger2.t
(TEST 5-9) asserted the endpoint uri and bulk body that appeared in the
removed core.log.info("uri: ..., body: ...") line. Wrap http.request_uri
in a block preprocessor so the same uri/body is logged from the test only,
composing with the existing per-block mocks.
Address review feedback: the add_entry_to_new_processor wrapper logged the entry unconditionally, while add_entry only logged on success. Make both wrappers log only when the entry was actually queued (the manager returns true only after pushing), so the test hooks never report an entry that was discarded.
sls-logger logged the full rfc5424 payload via
core.log.debug("sls logger send data ", log_message) right before sending
it. The payload is the serialized log data (request/response headers and
bodies), so it can leak credentials into the error log at debug level.
No test relies on this line.
nic-6443
approved these changes
Jun 11, 2026
shreemaan-abhishek
approved these changes
Jun 11, 2026
Description
Several logger plugins print the full serialized log payload at info/debug level. The payload is the serialized log entries, which by default include request/response headers and bodies, so it can leak credentials (e.g. Authorization/Cookie headers) into the error log:

- elasticsearch-logger.lua — logged uri and the full bulk body.
- syslog/init.lua — logged the full RFC5424 payload and every buffered entry.
- sls-logger.lua — logged the full RFC5424 payload before sending it (debug level).
- kafka-logger.lua/rocketmq-logger.lua — logged the full serialized batch payload right before sending it.

This PR removes those statements.

For elasticsearch-logger, syslog and sls-logger, no test relies on the removed lines. For kafka-logger and rocketmq-logger, the existing tests used the removed log line to observe what was queued for delivery, so the same observability is reproduced with a test-only hook that logs each batch entry from batch-processor-manager (the entry is the exact object that gets sent, so content-sensitive assertions — including the no_error_log body-filter cases — keep working). Production code no longer logs the payload.
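An added defender-side check, not part of this PR or of APISIX: a scanner over error.log lines that looks for the log prefixes the commits above name and reports any payload that carries an Authorization or Cookie header, so an operator can tell whether a deployment running the old code has already written credentials to disk. The log lines and the error.log format assumed here are constructed for the example.

```python
import json
import re

# Prefixes of the log statements this PR removes, each followed by the payload.
LEAKY_PREFIXES = (
    "send data to kafka: ",
    "send data to rocketmq: ",
    "collect_data:",
    "uri: ",
    "sls logger send data ",
)

# Header names whose values are secrets; matched case-insensitively.
CREDENTIAL_HEADERS = ("authorization", "cookie")
HEADER_RE = re.compile(r'"(' + "|".join(CREDENTIAL_HEADERS) + r')"\s*:\s*"([^"]*)"', re.I)


def _credential_headers(payload):
    """Names of credential headers inside a serialized payload.

    Parses the embedded JSON object when possible (kafka/rocketmq batches,
    the JSON body inside an rfc5424 line) and inspects the request/response
    header maps; falls back to a regex when the text is not valid JSON."""
    start, end = payload.find("{"), payload.rfind("}")
    if start != -1 and end > start:
        try:
            doc = json.loads(payload[start:end + 1])
        except ValueError:
            doc = None
        if isinstance(doc, dict):
            found = []
            for section in ("request", "response"):
                sec = doc.get(section)
                headers = sec.get("headers", {}) if isinstance(sec, dict) else {}
                found += [h for h in headers if h.lower() in CREDENTIAL_HEADERS]
            return found
    return [m.group(1) for m in HEADER_RE.finditer(payload)]


def find_leaks(lines):
    """Return (line_no, prefix, header) for every credential header found in a
    payload logged by one of the removed statements."""
    hits = []
    for n, line in enumerate(lines, 1):
        for prefix in LEAKY_PREFIXES:
            pos = line.find(prefix)
            if pos == -1:
                continue
            for header in _credential_headers(line[pos + len(prefix):]):
                hits.append((n, prefix.strip(), header))
            break  # one prefix per line is enough
    return hits


# Constructed error.log lines (assumed format), not captured from a real deployment.
SAMPLE_LOG = [
    '2026/06/11 10:00:00 [info] 12#12: *3 [lua] kafka-logger.lua:201: send data to kafka: '
    '{"request":{"url":"http://127.0.0.1/get","headers":{"host":"127.0.0.1",'
    '"authorization":"Basic Zm9vOmJhcg=="}},"response":{"status":200,'
    '"headers":{"content-type":"text/plain"}}}, client: 127.0.0.1',
    '2026/06/11 10:00:01 [debug] 12#12: *4 [lua] sls-logger.lua:118: sls logger send data '
    '<190>1 2026-06-11T10:00:01Z apisix apisix - - - {"request":{"headers":{"Cookie":"session=abc"}}}',
    '2026/06/11 10:00:02 [info] 12#12: *5 [lua] batch-processor.lua:90: batch processor[kafka logger] '
    'successfully processed the entry',
]
```

Run find_leaks over a real error.log only to decide whether log rotation or scrubbing is needed; the fix itself is to upgrade so the statements are no longer emitted.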