Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove leak of entire variableContent on variable validation. #892

Open
Sam-tesouro opened this issue Sep 19, 2024 · 1 comment
Open

Remove leak of entire variableContent on variable validation. #892

Sam-tesouro opened this issue Sep 19, 2024 · 1 comment
Labels
internally-reviewed Internally reviewed

Comments

@Sam-tesouro
Copy link
Contributor

Sam-tesouro commented Sep 19, 2024

RELATED cosmo-issues-1182

Currently if a request fails variable validation via renderVariableRequiredNotProvidedError or renderVariableInvalidObjectTypeError the entire variable content is dumped onto the message which then makes it's way onto telemetry as statusMessage regardless of any compliance settings.

This is less then ideal from a compliance perspective because there may be sensitive information leaked that we have no reason to believe is malformed. It makes the complexity of adhering to PII regulations such as PCI more challenging.

A simple solution would be to simply remove the variable content from the message. I would be more then happy to make this change and update relevant tests if y'all believe this is worthwhile.

I see there is also already a secondary mechanism on Cosmo by which you could add export variables as trace attributes (TRACING_EXPORT_GRAPHQL_VARIABLES) so I believe this change has very limited demerits.

Proposed change

func (v *variablesVisitor) renderVariableInvalidObjectTypeError(typeName []byte, variablesNode astjson.Node) {
	out := &bytes.Buffer{}
	err := v.variables.PrintNode(variablesNode, out)
	if err != nil {
		v.err = err
		return
	}
	v.err = &InvalidVariableError{
		Message: fmt.Sprintf(`Variable "$%s" got invalid value; Expected type "%s" to be an object.`, string(v.currentVariableName), string(typeName)),
	}
}

func (v *variablesVisitor) renderVariableRequiredNotProvidedError(fieldName []byte, typeRef int) {
	out := &bytes.Buffer{}
	err := v.variables.PrintNode(v.variables.Nodes[v.currentVariableJsonNodeRef], out)
	if err != nil {
		v.err = err
		return
	}
	out.Reset()
	err = v.definition.PrintType(typeRef, out)
	if err != nil {
		v.err = err
		return
	}
	v.err = &InvalidVariableError{
		Message: fmt.Sprintf(`Variable "$%s" got invalid value; Field "%s" of required type "%s" was not provided.`, string(v.currentVariableName), string(fieldName), out.String()),
	}
}
@jensneuse jensneuse added the internally-reviewed Internally reviewed label Oct 1, 2024
@jensneuse
Copy link
Member

I've responded in the corresponding issue on the cosmo repo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
internally-reviewed Internally reviewed
Projects
None yet
Development

No branches or pull requests

2 participants