Guard query logging with unsafeLogUnredactedQueries flag #565

Merged
peter-leonov-ch merged 11 commits into main from copilot/sub-pr-520
Feb 23, 2026

Copilot AI commented Feb 19, 2026

Summary

Queries were being logged indirectly through URL parameters without checking the unsafeLogUnredactedQueries flag, potentially exposing sensitive data in logs even when users hadn't opted in.

Fixed locations:

  • logResponse(): Redacts query parameter from request_params (URL search params) before logging, preserving the ? prefix for log format compatibility
  • logRequestError(): Redacts query parameter from search_params before logging

Both Insert operations and some Exec/Command operations send queries as URL parameters, which were being logged at DEBUG and ERROR levels respectively.

Additional changes:

  • Added lint:fix scripts to workspace packages for pre-commit hook compatibility
  • Added comprehensive test coverage for query redaction behavior in both DEBUG response logs and ERROR request logs
  • Maintained backward compatibility with existing log formats

Checklist

  • Unit and integration tests covering the common scenarios were added
  • A human-readable description of the changes was provided to include in CHANGELOG
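
A sketch of the redaction this summary describes, added here as an example and not taken from the PR or the client's code. The helper name `redactQueryParam` and the `REDACTED` placeholder are assumptions; only the `query` parameter, the preserved `?` prefix and the `unsafeLogUnredactedQueries` flag come from the page.

```typescript
// Added example; hypothetical helper, not the client's actual implementation.
const REDACTED = "REDACTED"; // placeholder text is an assumption

// Returns a search string that is safe to pass to a logger.
// A leading "?" is kept as given so the log format does not change.
function redactQueryParam(search: string, unsafeLogUnredactedQueries: boolean): string {
  if (unsafeLogUnredactedQueries) return search; // explicit opt-in: log as is
  const prefix = search.charAt(0) === "?" ? "?" : "";
  // URLSearchParams decodes keys, so "%71uery=..." is matched as "query" too.
  const params = new URLSearchParams(search);
  if (!params.has("query")) return search; // nothing to redact
  const safe = new URLSearchParams();
  params.forEach((value, key) => {
    // Repeated "query" keys are all replaced, not only the first one.
    safe.append(key, key === "query" ? REDACTED : value);
  });
  return prefix + safe.toString();
}

// Constructed sample: an INSERT sent as a URL parameter, as the summary describes.
const SAMPLE = "?query_id=q1&query=INSERT+INTO+users+VALUES+(%27alice%27%2C%27s3cret%27)";

console.log(redactQueryParam(SAMPLE, false));
console.log(redactQueryParam(SAMPLE, true));
```

Matching on the decoded key matters for a log audit: a string search for `query=` in the raw URL would miss a percent-encoded parameter name.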

CLAassistant commented Feb 19, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ peter-leonov-ch
❌ Copilot

Copilot AI changed the title from "[WIP] Add experimental tracing logging for command()" to "Guard query logging with unsafeLogUnredactedQueries flag" Feb 19, 2026
Base automatically changed from tracing-logging-command to main February 23, 2026 17:25
@peter-leonov-ch peter-leonov-ch changed the title Guard query logging with unsafeLogUnredactedQueries flag Guard query logging with unsafeLogUnredactedQueries flag Feb 23, 2026
@peter-leonov-ch peter-leonov-ch marked this pull request as ready for review February 23, 2026 17:54
Copilot AI review requested due to automatic review settings February 23, 2026 17:54

Copilot AI left a comment

Pull request overview

This PR addresses a sensitive-data exposure risk by ensuring SQL queries passed via URL parameters are not logged unless unsafeLogUnredactedQueries is explicitly enabled. It also adds lint:fix scripts across workspace packages to support pre-commit workflows.

Changes:

  • Redact the query URL/search parameter in Node client DEBUG response logs and ERROR request-error logs unless unsafeLogUnredactedQueries is true.
  • Add lint:fix scripts to workspace packages for eslint autofix support.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| packages/client-node/src/connection/node_base_connection.ts | Redacts query from logged URL/search params unless explicitly allowed. |
| packages/client-node/package.json | Adds lint:fix script for eslint autofix. |
| packages/client-web/package.json | Adds lint:fix script for eslint autofix. |
| packages/client-common/package.json | Adds lint:fix script for eslint autofix. |

codecov bot commented Feb 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

Copilot AI and others added 2 commits February 23, 2026 20:26
Co-authored-by: peter-leonov-ch <[email protected]>
@peter-leonov-ch peter-leonov-ch merged commit 27ebd61 into main Feb 23, 2026
48 checks passed
@peter-leonov-ch peter-leonov-ch deleted the copilot/sub-pr-520 branch February 23, 2026 19:42
peter-leonov-ch commented

@copilot assess the risks (security, API stability, performance) introduced in this change.
