security: stop logging raw request body in PINECONE_DEBUG_CURL (CodeQL #83)#687
Open
jhamon wants to merge 1 commit into
Open
security: stop logging raw request body in PINECONE_DEBUG_CURL (CodeQL #83)#687jhamon wants to merge 1 commit into
jhamon wants to merge 1 commit into
Conversation
…G_CURL Fixes CodeQL py/clear-text-logging-sensitive-data alert #83 at pinecone/_internal/http_client.py _log_curl. The debug curl logger previously emitted the raw request body via `-d '<body>'`. Pinecone request bodies carry user vector and metadata payloads that may contain sensitive data (e.g. PII in metadata), so the body is no longer logged verbatim even under the PINECONE_DEBUG_CURL opt-in. It is replaced with a `--data-binary @body.json # N byte body omitted` placeholder that records the size and shows where to supply the payload manually. Sensitive headers remain redacted as before. This removes the CodeQL finding at the source (no clear-text path to the logger) rather than dismissing it. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes CodeQL code-scanning alert #83
py/clear-text-logging-sensitive-data(error/high) atpinecone/_internal/http_client.py_log_curl.The
PINECONE_DEBUG_CURLdebug logger previously emitted the raw request body as-d '<body>'. CodeQL flags thebody.decode(...)expression as clear-text logging of sensitive data.Change
Stop logging the request body verbatim. Pinecone request bodies carry user vector and metadata payloads that may contain sensitive data (e.g. PII embedded in metadata), so even under the explicit
PINECONE_DEBUG_CURLopt-in the body is now replaced with:This records the payload size and shows where to supply the body manually, while removing the clear-text path to the logger entirely. Sensitive headers (
Api-Key,Authorization,Proxy-Authorization) remain redacted as before.This removes the finding at the source rather than dismissing it — no code-scanning
security_eventsscope needed.Testing
Updated the two tests that asserted raw body content; added assertions that the body contents are absent and the byte-count placeholder is present.
Resolves PIN-27 (child of PIN-16).
🤖 Generated with Claude Code
Note
Low Risk
Debug-only, opt-in logging path with no change to request behavior; reduces exposure of user data in logs.
Overview
Stops logging raw HTTP request bodies when
PINECONE_DEBUG_CURLis enabled, addressing CodeQL clear-text logging of sensitive data in_log_curl.Instead of emitting
-d '<decoded body>', the curl-equivalent debug line now uses--data-binary @body.json # <N> byte body omitted, so payload size is visible without writing vectors/metadata (possible PII) to logs. Sensitive header redaction is unchanged.Unit tests were updated to assert bodies are absent from logs and the byte-count placeholder is present, including for
HTTPClient.postintegration.Reviewed by Cursor Bugbot for commit c93062e. Bugbot is set up for automated code reviews on this repo. Configure here.