
fix: redact bot_access_tokens from the debug logs of socket mode #1519

Merged
seratch merged 3 commits into slackapi:main from WilliamBergamin:redact-tokens-from-debug-logs
Jun 26, 2024

@WilliamBergamin
Contributor

Summary

This PR modified the behavior of socket mode in order to redact bot_access_tokens out of the debug logs.

Since the raw payload message is printed, I implemented a regex-based solution. This feels less than ideal for maintainability purposes; let me know if there are other better alternatives to this.

Category (place an x in each of the [ ])

  • slack_sdk.web.WebClient (sync/async) (Web API client)
  • slack_sdk.webhook.WebhookClient (sync/async) (Incoming Webhook, response_url sender)
  • slack_sdk.socket_mode (Socket Mode client)
  • slack_sdk.signature (Request Signature Verifier)
  • slack_sdk.oauth (OAuth Flow Utilities)
  • slack_sdk.models (UI component builders)
  • slack_sdk.scim (SCIM API client)
  • slack_sdk.audit_logs (Audit Logs API client)
  • slack_sdk.rtm_v2 (RTM client)
  • /docs-src (Documents, have you run ./scripts/docs.sh?)
  • /docs-src-v2 (Documents, have you run ./scripts/docs-v2.sh?)
  • /tutorial (PythOnBoardingBot tutorial)
  • tests/integration_tests (Automated tests for this library)

Requirements (place an x in each [ ])

  • I've read and understood the Contributing Guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've run python3 -m venv .venv && source .venv/bin/activate && ./scripts/run_validation.sh after making the changes.
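An added example, not the code merged in this PR (the PR's implementation is not shown on this page): one way to redact token fields from a raw message string before it is written to a debug log. It parses the message as JSON and masks by key, and falls back to a regex only when the text does not parse. The function names, the mask text, the rule that any key named `token` or ending in `_token` is sensitive, and the sample message are all assumptions of this example.

```python
import json
import re

REDACTED = "[[REDACTED]]"  # mask text chosen for this example
# Assumption: any key named "token" or ending in "_token" holds a secret.
# The page itself names only bot_access_token.
SENSITIVE_KEY = re.compile(r"(?:^|_)token$")
# Fallback for text that is not valid JSON, e.g. a truncated frame. The value
# may end at a closing quote or at the end of the text (cut inside the token).
RAW_TOKEN_FIELD = re.compile(r'("(?:[A-Za-z0-9_]*_)?token"\s*:\s*")(?:[^"\\]|\\.)*("|$)')

# Constructed sample message; the token value is not a real credential.
SAMPLE = (
    '{"envelope_id":"e-1","payload":{"bot_access_token":"xoxb-EXAMPLE-not-real",'
    '"event":{"type":"message","text":"hi"}}}'
)


def redact_value(value):
    """Recursively mask string values stored under sensitive keys."""
    if isinstance(value, dict):
        return {
            key: REDACTED
            if isinstance(item, str) and SENSITIVE_KEY.search(key)
            else redact_value(item)
            for key, item in value.items()
        }
    if isinstance(value, list):
        return [redact_value(item) for item in value]
    return value


def redact_for_debug_log(message: str) -> str:
    """Return message with token values masked, for use in debug logging."""
    try:
        decoded = json.loads(message)
    except ValueError:
        # Not parseable as JSON: mask by pattern on the raw text instead.
        return RAW_TOKEN_FIELD.sub(lambda m: m.group(1) + REDACTED + m.group(2), message)
    if not isinstance(decoded, (dict, list)):
        return message
    return json.dumps(redact_value(decoded), separators=(",", ":"), ensure_ascii=False)


if __name__ == "__main__":
    print(redact_for_debug_log(SAMPLE))       # parsed path
    print(redact_for_debug_log(SAMPLE[:-3]))  # truncated input, regex path
```

The parsed path re-serializes the message, so the logged text can differ in whitespace from what was received; the regex path leaves everything outside the token value byte-for-byte unchanged.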

@codecov

codecov bot commented Jun 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.89%. Comparing base (aa3c792) to head (4edc370).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1519   +/-   ##
=======================================
  Coverage   84.89%   84.89%           
=======================================
  Files         112      113    +1     
  Lines       12473    12480    +7     
=======================================
+ Hits        10589    10595    +6     
- Misses       1884     1885    +1     


Contributor

@seratch seratch left a comment

Thanks for working on this! The change looks good to me, but here is a minor suggestion on naming.

import re


def debug_message_redact(message: str) -> str:

It seems that you followed this file and method naming: https://github.com/slackapi/bolt-python/blob/main/slack_bolt/logger/messages.py The format is more of "{log_level}_{log meaning}", thus "debug_redacted_message_string" or something like that would be even better. What do you think?

Suggested change
def debug_message_redact(message: str) -> str:
def debug_redacted_message_string(message: str) -> str:

Contributor Author

Agreed 👍 I like debug_redacted_message_string

@WilliamBergamin WilliamBergamin requested a review from seratch June 26, 2024 22:05
Contributor

@seratch seratch left a comment

LGTM

@seratch seratch merged commit 152dba4 into slackapi:main Jun 26, 2024
@WilliamBergamin WilliamBergamin deleted the redact-tokens-from-debug-logs branch June 27, 2024 13:47