Skip to content

fix: omit request body from PINECONE_DEBUG_CURL output (CodeQL)#688

Open
jhamon wants to merge 2 commits into
mainfrom
security/redact-curl-debug-body
Open

fix: omit request body from PINECONE_DEBUG_CURL output (CodeQL)#688
jhamon wants to merge 2 commits into
mainfrom
security/redact-curl-debug-body

Conversation

@jhamon

@jhamon jhamon commented Jul 11, 2026

Copy link
Copy Markdown
Collaborator

Summary

Resolves CodeQL py/clear-text-logging-sensitive-data alert #83 at pinecone/_internal/http_client.py:118.

Problem

_log_curl logs a curl-equivalent command for debugging (only when PINECONE_DEBUG_CURL is set). It included the raw request body via body.decode(), which CodeQL flags as cleartext logging of sensitive data. The body contains request payloads (vectors, query parameters, etc.).

Fix

Replace the raw body with '<N bytes>' in the curl output. This:

  • Removes the taint source, resolving the CodeQL alert.
  • Preserves the body length for debugging context.
  • Keeps full diagnostic value for the method, URL, and (already-redacted) headers.

The API key is already redacted by _redact_headers — this change covers the body.

Verification

No behavior change to production code paths — _log_curl only executes when PINECONE_DEBUG_CURL is set and logs at DEBUG level.

Part of PIN-16 / PIN-27 (security tail), child of PIN-6.

🤖 Generated with Claude Code


Note

Low Risk
Change is limited to optional DEBUG curl logging behind an env var; no production request or API behavior changes.

Overview
When PINECONE_DEBUG_CURL is enabled, _log_curl no longer writes the decoded request body into the debug curl line. It logs <N bytes> instead, so vector payloads and other request data are not written to logs while method, URL, and redacted headers stay useful for debugging.

Unit coverage is updated so the curl output asserts on byte length and confirms the JSON body is not present.

Reviewed by Cursor Bugbot for commit 22719d7. Bugbot is set up for automated code reviews on this repo. Configure here.

Resolves CodeQL py/clear-text-logging-sensitive-data alert #83.
_log_curl logs a curl-equivalent for debugging, but including the raw
request body could expose vector data. Emit body size instead, which is
enough for debugging while removing the taint source.

Headers are already redacted via _redact_headers (Api-Key masked).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This PR changed _log_curl to emit '-d <N bytes>' instead of the raw
body (CodeQL cleartext-logging remediation), which made the existing
test_curl_logging_includes_body assertion stale — it still required the
raw payload to appear in the log, so unit tests failed on py3.10–3.13.

Rename to test_curl_logging_omits_body_content and assert the new
contract: '-d ' is present, the size marker '<27 bytes>' is present,
and the raw body is NOT logged.

Verified: pytest tests/unit/test_debug_logging.py -> 10 passed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@jhamon

jhamon commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator Author

PR Feedback Autofix pass

The unit-test failure (py3.10–3.13) was self-inflicted: this PR changed _log_curl to emit -d '<N bytes>' instead of the raw body, but test_curl_logging_includes_body still asserted the raw payload appears in the log:

assert '{"vectors": [{"id": "v1"}]}' in caplog.text  # FAILED

Fixed in 22719d7: renamed the test to test_curl_logging_omits_body_content and updated it to assert the new (intended) contract — -d present, size marker <27 bytes> present, raw body absent. Verified locally: pytest tests/unit/test_debug_logging.py → 10 passed. This aligns the test with the CodeQL cleartext-logging remediation the PR ships.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant